[Webkit-unassigned] [Bug 93078] New: SharedBuffer::copy() can cause segmentation fault.
bugzilla-daemon at webkit.org
Fri Aug 3 01:17:20 PDT 2012
https://bugs.webkit.org/show_bug.cgi?id=93078
Summary: SharedBuffer::copy() can cause segmentation fault.
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: Platform
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: luxtella at company100.net
After SharedBuffer::copy(), SharedBuffer::append() often causes a segmentation fault,
because copy() calls clone->m_buffer.append(m_segments[i], segmentSize) even if
'i' is the last index. The data size of m_segments.last() is often less than
segmentSize, so in the cloned instance m_size < (m_buffer.size() + SUM(m_segments[i].size())).
This patch appends the exact size of the last segment instead of segmentSize.
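The size mismatch described in the report, reproduced in a simplified model (an added example, not WebKit source and not the reporter's patch). `ModelBuffer`, the 8-byte `segmentSize`, the `exactLastSegment` switch and `excessBytes` are assumptions made for the demonstration; only the member names come from the report.

```cpp
#include <algorithm>
#include <array>
#include <cstddef>
#include <cstdio>
#include <vector>

// Simplified model of the members named in the report; not WebKit source.
constexpr std::size_t segmentSize = 8; // constructed small value for the demo

struct ModelBuffer {
    std::size_t m_size = 0;                                // logical byte count
    std::vector<char> m_buffer;                            // contiguous bytes
    std::vector<std::array<char, segmentSize>> m_segments; // fixed-size chunks

    // Fill fixed-size segments; the last one is usually only partly used.
    void append(const char* data, std::size_t len) {
        while (len) {
            std::size_t used = (m_size - m_buffer.size()) % segmentSize;
            if (used == 0) m_segments.emplace_back(); // start a fresh segment
            std::size_t n = std::min(len, segmentSize - used);
            std::copy(data, data + n, m_segments.back().begin() + used);
            data += n; len -= n; m_size += n;
        }
    }

    // false: segmentSize bytes from every segment (reported behaviour);
    // true: only the bytes that m_size accounts for in the last segment.
    ModelBuffer copy(bool exactLastSegment) const {
        ModelBuffer clone;
        clone.m_size = m_size;
        clone.m_buffer = m_buffer;
        std::size_t remaining = m_size - m_buffer.size();
        for (const auto& seg : m_segments) {
            std::size_t valid = std::min(remaining, segmentSize);
            std::size_t n = exactLastSegment ? valid : segmentSize;
            clone.m_buffer.insert(clone.m_buffer.end(), seg.begin(), seg.begin() + n);
            remaining -= valid;
        }
        return clone;
    }
};

// Bytes the clone stores beyond what its m_size claims (0 means consistent).
long excessBytes(bool exactLastSegment) {
    ModelBuffer original;
    original.append("hello world", 11); // constructed input: 8 + 3 bytes
    ModelBuffer clone = original.copy(exactLastSegment);
    return static_cast<long>(clone.m_buffer.size()) - static_cast<long>(clone.m_size);
}

int main() {
    std::printf("excess bytes: segmentSize copy=%ld, exact copy=%ld\n",
                excessBytes(false), excessBytes(true));
}
```

In this model a later `append()` on the inconsistent clone would compute `m_size - m_buffer.size()` on unsigned values, which wraps around once the stored bytes exceed `m_size`.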