[Webkit-unassigned] [Bug 118563] Nightly builds crash on launch in IconDatabase SQLiteStatement::prepare() for some users

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Nov 1 16:59:24 PDT 2013


--- Comment #7 from Mark Rowe (bdash) <mrowe at apple.com>  2013-11-01 16:58:10 PST ---
The direct cause of this crash is that we're assuming that sqlite3_prepare_v2 always initializes the memory that pzTail points to:

    const char* tail;
    int error = sqlite3_prepare_v2(m_database.sqlite3Handle(), query.data(), lengthIncludingNullCharacter, &m_statement, &tail);

    if (error != SQLITE_OK)
        LOG(SQLDatabase, "sqlite3_prepare16 failed (%i)\n%s\n%s", error, query.data(), sqlite3_errmsg(m_database.sqlite3Handle()));

    if (tail && *tail)
        error = SQLITE_ERROR;

If it doesn't initialize it then tail will contain garbage and we'll happily dereference it.
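The hardened form of that pattern, as an added example that is not part of the bug report or of WebKit's code: the out-parameter is initialised before the call, and it is only inspected once the call has reported success. To keep the example self-contained (no libsqlite3 to link against), `fake_prepare` is a constructed stand-in for `sqlite3_prepare_v2` that, by assumption, leaves `*tail` untouched on its error path; `FAKE_OK`/`FAKE_ERROR` stand in for `SQLITE_OK`/`SQLITE_ERROR`.

```c
#include <stddef.h>
#include <string.h>

/* Stand-ins for SQLITE_OK / SQLITE_ERROR (constructed, not the SQLite values). */
enum { FAKE_OK = 0, FAKE_ERROR = 1 };

/* Constructed stand-in for sqlite3_prepare_v2. It only accepts statements
   that begin with SELECT and, like the behaviour the bug report describes,
   it deliberately does NOT write *tail when it fails (assumption). */
static int fake_prepare(const char* sql, const char** tail)
{
    if (sql == NULL || strncmp(sql, "SELECT", 6) != 0)
        return FAKE_ERROR;                    /* error path: *tail left untouched */

    /* On success, point *tail just past the first statement (after the ';'),
       or at the terminating NUL when there is no ';'. */
    const char* semi = strchr(sql, ';');
    *tail = semi ? semi + 1 : sql + strlen(sql);
    return FAKE_OK;
}

/* Hardened equivalent of the snippet above. Returns FAKE_OK when exactly one
   statement was prepared, FAKE_ERROR on a prepare failure or trailing SQL. */
int prepare_single_statement(const char* query)
{
    const char* tail = NULL;                  /* never garbage, even if the callee skips it */
    int error = fake_prepare(query, &tail);

    if (error != FAKE_OK)
        return error;                         /* do not consult tail on the error path */

    if (tail && *tail)                        /* leftover text: more than one statement */
        return FAKE_ERROR;

    return FAKE_OK;
}
```

The two changes are independent and both matter: `= NULL` removes the uninitialised read even if a callee never writes the out-parameter, and the early return keeps the code from reading `tail` on a path where the API contract gives no guarantee about it.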
