[Webkit-unassigned] [Bug 52791] Buffer overrun in WebCore::InspectorBasicValue::writeJSON

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Feb 4 00:11:06 PST 2011


https://bugs.webkit.org/show_bug.cgi?id=52791
--- Comment #16 from Mikołaj Małecki <m.malecki at samsung.com>  2011-02-04 00:11:06 PST ---
(In reply to comment #14)
> > WebCore/ChangeLog:7
> > +        No new tests. The problem can be reproduced by trying to create InspectorValue
> 
> Nit: I think you could add a console.log("Large value %d", 1E10000) or similar into http://codesearch.google.com/codesearch/p?hl=en#OAMlx_jo-ck/src/third_party/WebKit/LayoutTests/inspector/console-format.html&q=LayoutTests/inspector/console&exact_package=chromium&l=12 and do run-webkit-tests --debug inspector/console-format.html. That would cover our work!

I'm afraid not. I haven't found any part of the tests that would test this thing; I even think that if there were any, this bug would have been found months ago already.

In order to reproduce this problem, you'd have to make an InspectorValue of type number, set its value to, say, "1.0e-200", and call v->toJSONString(). No part of the JavaScript engine is using this thing, especially since this API is a new thing and previously only JavaScript scripts could be used as inspector clients. These are the uses of toJSONString in the whole WebKit code, including tests (I cut off efl/WebCoreSupport because it contains a new feature I am developing and will submit separately):

> grep -r toJSONString WebCore WebKit JavaScriptCore WebKitTools | grep -v efl/WebCoreSupport/
WebCore/inspector/InspectorController.cpp:    m_client->storeSetting(breakpointsSettingKey(), breakpoints->toJSONString());
WebCore/inspector/InspectorValues.cpp:String InspectorValue::toJSONString() const
WebCore/inspector/CodeGeneratorInspector.pm:        push(@function, "    m_inspectorClient->sendMessageToFrontend(${functionName}Message->toJSONString());");
WebCore/inspector/CodeGeneratorInspector.pm:    push(@function, "        m_inspectorController->inspectorClient()->sendMessageToFrontend(responseMessage->toJSONString());");
WebCore/inspector/CodeGeneratorInspector.pm:    m_inspectorController->inspectorClient()->sendMessageToFrontend(message->toJSONString());
WebCore/inspector/InspectorState.cpp:    m_client->updateInspectorStateCookie(cookieObject->toJSONString());
WebCore/inspector/InspectorValues.h:    String toJSONString() const;
WebCore/ChangeLog:        from 1.0e-100 and call ->toJSONString() on this.
WebCore/ChangeLog:        (WebCore::InspectorBaseValue::toJSONString):


In other words: what tests should I update, given that no one has added any tests for the Web Inspector C++ API?

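The reproduction described in the comment above (a number value such as 1.0e-200 whose plain decimal expansion is far longer than a fixed stack buffer) as an added example, not WebKit's code: a writeJSON-style number serialiser that measures the plain form before using it and falls back to bounded exponential notation. The buffer length, function names and the 16-digit expansion are assumptions made for this example.

```cpp
#include <cmath>
#include <cstdio>
#include <string>

// Fixed stack buffer length a writeJSON routine might reserve per number
// (assumed value for this example).
constexpr size_t kNumberBufferLength = 32;

// Plain decimal expansion of a finite double, no exponent: 0.25 -> "0.25",
// 1.5e2 -> "150", 1.0e-200 -> "0." + 199 zeros + "1". Its length grows with
// the exponent, so it cannot be assumed to fit any fixed-size buffer.
std::string plainDecimal(double value)
{
    char sci[32];
    std::snprintf(sci, sizeof sci, "%.15e", value); // d.ddddddddddddddde(+|-)XX
    std::string s(sci);
    bool negative = s[0] == '-';
    if (negative)
        s.erase(0, 1);
    size_t ePos = s.find('e');
    int exponent = std::stoi(s.substr(ePos + 1));
    std::string digits = s.substr(0, 1) + s.substr(2, ePos - 2); // 16 significant digits
    while (digits.size() > 1 && digits.back() == '0')
        digits.pop_back();
    std::string out;
    if (exponent < 0)
        out = "0." + std::string(-exponent - 1, '0') + digits;
    else if (static_cast<size_t>(exponent) + 1 >= digits.size())
        out = digits + std::string(exponent + 1 - digits.size(), '0');
    else
        out = digits.substr(0, exponent + 1) + "." + digits.substr(exponent + 1);
    return negative ? "-" + out : out;
}

// Bounds-checked serialisation: non-finite values have no JSON form (1E10000
// overflows to infinity), a plain form that fits the buffer (with terminator)
// is used as-is, and anything longer falls back to exponential notation,
// which is at most 24 characters for any double. The length check is the
// step whose absence turns 1.0e-200 into an out-of-bounds write.
std::string writeNumberJSON(double value)
{
    if (!std::isfinite(value))
        return "null";
    std::string plain = plainDecimal(value);
    if (plain.size() < kNumberBufferLength)
        return plain;
    char buffer[kNumberBufferLength];
    std::snprintf(buffer, sizeof buffer, "%.17g", value); // bounded, never truncated
    return buffer;
}
```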