[Webkit-unassigned] [Bug 51055] NULL deref in WebCore::HTMLEntitySearch::advance
bugzilla-daemon at webkit.org
Tue Dec 14 14:32:04 PST 2010
https://bugs.webkit.org/show_bug.cgi?id=51055
--- Comment #2 from Thomas Sepez <tsepez at chromium.org> 2010-12-14 14:32:04 PST ---
This is a straight null parser de-ref. It can also be triggered by loading an XML file of the form:
<!DOCTYPE foo PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "">
<foo foo="&:;
The HTMLEntityTable::firstEntryStartingWith() method called by HTMLEntitySearch::Advance() may well return null when passed a non-alpha character.
The code above this allows an entity name to contain a number of (legit) non-alpha characters.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
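To make the failure mode concrete, here is an added illustration that is not WebKit's code and is not part of the bug report: a much simplified entity-table search modelled on the names in the comment (firstEntryStartingWith, advance). The table is a constructed five-entry sample, and lastEntryStartingWith, EntitySearch::match and decodeEntityName are hypothetical helpers added here so the search can be driven end to end. The lookup returns nullptr for a non-alphabetic first character exactly as the comment describes, and advance() shows the null check that turns that into a failed search instead of a dereference.

```cpp
// Added illustration (not WebKit's code): simplified entity search with the
// null guard on the first-character lookup that the bug report describes.
#include <cstddef>
#include <cstring>
#include <string>

struct EntityEntry {
    const char* name;   // entity name without the leading '&' or trailing ';'
    unsigned codePoint; // what it decodes to
};

// Constructed sample table, sorted by name; a real table is far larger.
static const EntityEntry kTable[] = {
    {"amp", 0x26}, {"gt", 0x3E}, {"lt", 0x3C}, {"nbsp", 0xA0}, {"not", 0xAC},
};
static const int kTableSize = static_cast<int>(sizeof(kTable) / sizeof(kTable[0]));

static bool isAlpha(char c) { return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z'); }

// Contract from the report: nullptr when no entry starts with c, which is
// always the case for a non-alphabetic character such as ':'.
const EntityEntry* firstEntryStartingWith(char c) {
    if (!isAlpha(c)) return nullptr;
    for (int i = 0; i < kTableSize; ++i)
        if (kTable[i].name[0] == c) return &kTable[i];
    return nullptr;
}

// Hypothetical counterpart used to bound the search range.
const EntityEntry* lastEntryStartingWith(char c) {
    if (!isAlpha(c)) return nullptr;
    for (int i = kTableSize - 1; i >= 0; --i)
        if (kTable[i].name[0] == c) return &kTable[i];
    return nullptr;
}

class EntitySearch {
public:
    EntitySearch() : m_first(-1), m_last(-1), m_length(0), m_failed(false) {}

    // Consume the next character after '&'. Returns false once the search has failed.
    bool advance(char c) {
        if (m_failed) return false;
        if (m_length == 0) {
            const EntityEntry* first = firstEntryStartingWith(c);
            const EntityEntry* last = lastEntryStartingWith(c);
            // The guard the report says is missing: for "&:" both lookups are
            // nullptr, and using them as a table range would dereference null.
            if (!first || !last) return fail();
            m_first = static_cast<int>(first - kTable);
            m_last = static_cast<int>(last - kTable);
        } else {
            // Narrow [m_first, m_last] to the entries whose next character is c;
            // entries sharing a prefix are contiguous in a sorted table.
            while (m_first <= m_last && nextChar(m_first) != c) ++m_first;
            while (m_last >= m_first && nextChar(m_last) != c) --m_last;
            if (m_first > m_last) return fail();
        }
        ++m_length;
        return true;
    }

    bool failed() const { return m_failed; }

    // Entry whose name is exactly the characters consumed so far, or nullptr.
    const EntityEntry* match() const {
        if (m_failed || m_length == 0) return nullptr;
        for (int i = m_first; i <= m_last; ++i)
            if (std::strlen(kTable[i].name) == static_cast<size_t>(m_length)) return &kTable[i];
        return nullptr;
    }

private:
    bool fail() { m_failed = true; return false; }
    // Character of entry `index` at the current depth, '\0' if the name is shorter.
    char nextChar(int index) const {
        const char* name = kTable[index].name;
        return std::strlen(name) > static_cast<size_t>(m_length) ? name[m_length] : '\0';
    }
    int m_first, m_last, m_length;
    bool m_failed;
};

// Feeds the text between '&' and ';' through the search; returns the decoded
// code point, or 0 when the name is unknown (including the "&:;" case).
unsigned decodeEntityName(const std::string& name) {
    EntitySearch search;
    for (char c : name)
        if (!search.advance(c)) return 0;
    const EntityEntry* entry = search.match();
    return entry ? entry->codePoint : 0;
}
```

The point to carry over to real code is the shape of the contract: a range lookup that legitimately returns null for some inputs must be paired with a caller that treats null as "no match" rather than as a valid range, and the markup-level cases the report names (a bare "&:" inside an attribute value) are exactly the inputs that reach the lookup with a non-alphabetic character.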