[Webkit-unassigned] [Bug 56301] chrome.dll!WebCore::RenderBlock::removeFloatingObjectsBelow ReadAV at NULL (928f227631041a7b4b71dd15efeae337)
bugzilla-daemon at webkit.org
Wed May 11 02:12:27 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=56301
--- Comment #5 from Berend-Jan Wever <skylined at chromium.org> 2011-05-11 02:12:27 PST ---
In general, NULL ptr crashes are not security issues if they directly reference the NULL or NULL plus a small static offset. However, if they reference memory at an attacker controllable offset from NULL, they may be exploitable. E.g. if you have a NULL ptr used for an array, and the attacker can control the index into this array. This pseudo-code would be bad:
/* The comment's pseudo-code, made compilable; it is intentionally unsafe. */
void bad(unsigned int index) {
    char* null = 0;      /* NULL base pointer */
    null[index] = 'A';   /* writes to address 0 + index, an offset the caller (attacker) picks */
}
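As an added illustration (not part of the bug comment or of WebKit), here is the hardened counterpart of that pattern next to the check a crash triager applies to decide which of the two cases above a fault falls into; the function names and the 4096-byte null page are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Assumed null-page size: on common platforms the first page is unmapped, so
   a fault below this address is the "NULL plus small static offset" case. */
#define NULL_PAGE_SIZE 4096u

/* Hardened form of bad() (hypothetical name): never write through a NULL base
   and never accept an index outside the buffer, whoever supplies it. */
bool safe_store(char *buf, size_t len, size_t index, char c) {
    if (buf == NULL || index >= len)
        return false;   /* refuse instead of faulting or corrupting memory */
    buf[index] = c;
    return true;
}

/* Triage helper: a faulting address inside the first page is a plain NULL
   dereference; one beyond it is consistent with NULL plus an attacker-
   controllable offset, which is the case the comment flags for review. */
bool fault_beyond_null_page(uintptr_t fault_addr) {
    return fault_addr >= NULL_PAGE_SIZE;
}

/* Round trip on a real buffer: the store succeeds, out-of-range is refused. */
bool demo_safe_store(void) {
    char buf[8] = {0};
    if (!safe_store(buf, sizeof buf, 3, 'A') || buf[3] != 'A')
        return false;
    return !safe_store(buf, sizeof buf, sizeof buf, 'A');
}
```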