[Webkit-unassigned] [Bug 52791] Buffer overrun in WebCore::InspectorBasicValue::writeJSON

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Feb 4 04:48:14 PST 2011


https://bugs.webkit.org/show_bug.cgi?id=52791





--- Comment #17 from Pavel Feldman <pfeldman at chromium.org>  2011-02-04 04:48:14 PST ---
> I'm afraid not. I haven't found any part of tests that would test this thing; I even think that if there was any, this bug would have been found months ago already.

You are right, we now send stringified descriptions for all the wrapped object values, so we don't hit this scenario.

> In order to reproduce this problem, you'd have to make an InspectorValue of type number, set its value to, say, "1.0e-200", and call v->toJSONString(). No part of the javascript engine is using this thing, especially since this API is a new thing and previously only the javascript scripts could be used as inspector clients. These are the uses of toJSONString in the whole webkit code, including tests (I cut off efl/WebCoreSupport because it contains a new feature I am developing and will submit separately):
>

While designing InspectorValue, we were aiming at a JSON subset for the data generated by the inspector itself. It sounds like our use cases fit the implementation. I am thinking that you might be using InspectorValue for non-inspector purposes. Or is it not so? Why do you hit this scenario?

> In other words: what tests should I update, given that no one has added any tests for the Web Inspector C++ API?

See above. On a general note, we are using layout tests in WebKit instead of testing C++ API.
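The reproduction described in the quoted comment (a number-typed value such as 1.0e-200 serialized through toJSONString) boils down to one defect class: rendering a double in plain decimal notation into a fixed-size buffer without checking how long that rendering is. The example below is added here and is not WebKit's InspectorBasicValue::writeJSON; the buffer size, the helper names and the sample values are assumptions chosen to illustrate the check. It shows how to compute the length a plain decimal rendering would need, detect when it would overrun a fixed buffer, and write a JSON number safely using a bounded-length representation with the snprintf return value checked and non-finite values rejected.

```cpp
// Added example, not WebKit code: bounded serialization of a double as a JSON number.
#include <cmath>
#include <cstddef>
#include <cstdio>
#include <string>

// Assumed fixed buffer size, chosen only to illustrate the overrun check.
constexpr std::size_t kFixedBufferSize = 64;

// Precision that a plain decimal rendering ("%f" style, no exponent) of v
// needs in order to keep 17 significant digits, enough to round-trip a double.
// For tiny magnitudes this grows with the number of leading zeros after the point.
static int decimalPrecisionFor(double v) {
    double mag = std::fabs(v);
    if (mag == 0.0 || mag >= 1.0)
        return 17;
    return static_cast<int>(-std::floor(std::log10(mag))) + 17;
}

// Length (without the terminating NUL) of the plain decimal rendering of v.
// snprintf with a null buffer and size 0 only measures, it writes nothing.
std::size_t plainDecimalLength(double v) {
    int n = std::snprintf(nullptr, 0, "%.*f", decimalPrecisionFor(v), v);
    return n < 0 ? 0 : static_cast<std::size_t>(n);
}

// Would writing the plain decimal rendering of v into a buffer of `size`
// bytes run past its end? (+1 accounts for the terminating NUL.)
bool wouldOverrun(double v, std::size_t size = kFixedBufferSize) {
    return plainDecimalLength(v) + 1 > size;
}

// Safe writer: rejects values JSON cannot represent, uses "%.17g" whose
// output never exceeds 24 characters (sign, digit, point, 16 digits, "e-308"),
// and trusts snprintf's return value rather than the buffer size.
bool writeJSONNumber(double v, std::string& out) {
    if (!std::isfinite(v))
        return false; // NaN and +/-Infinity are not valid JSON numbers
    char buffer[32];
    int n = std::snprintf(buffer, sizeof buffer, "%.17g", v);
    if (n < 0 || static_cast<std::size_t>(n) >= sizeof buffer)
        return false; // output would have been truncated: report, never overrun
    out.append(buffer, static_cast<std::size_t>(n));
    return true;
}

int main() {
    // Constructed sample values: the one from the bug report and a benign one.
    const double samples[] = { 1.0e-200, 1.5 };
    for (double v : samples) {
        std::string json;
        std::printf("%g: plain decimal needs %zu chars, overruns %zu-byte buffer: %s, safe form: %s\n",
                    v, plainDecimalLength(v), kFixedBufferSize,
                    wouldOverrun(v) ? "yes" : "no",
                    writeJSONNumber(v, json) ? json.c_str() : "(rejected)");
    }
    return 0;
}
```

The measuring call (snprintf with a null buffer) is the general technique: whenever a value's textual form can grow with the value, size the buffer from the measured length or switch to a representation whose maximum length is known, and treat a return value at or above the buffer size as an error rather than as success.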
