[Webkit-unassigned] [Bug 118563] Nightly builds crash on launch in IconDatabase SQLiteStatement::prepare() for some users
bugzilla-daemon at webkit.org
Fri Nov 1 16:59:24 PDT 2013
https://bugs.webkit.org/show_bug.cgi?id=118563
--- Comment #7 from Mark Rowe (bdash) <mrowe at apple.com> 2013-11-01 16:58:10 PST ---
The direct cause of this crash is that we're assuming that sqlite3_prepare_v2 always initializes the memory that pzTail points to:
    const char* tail;
    int error = sqlite3_prepare_v2(m_database.sqlite3Handle(), query.data(), lengthIncludingNullCharacter, &m_statement, &tail);
    if (error != SQLITE_OK)
        LOG(SQLDatabase, "sqlite3_prepare16 failed (%i)\n%s\n%s", error, query.data(), sqlite3_errmsg(m_database.sqlite3Handle()));
    if (tail && *tail)
        error = SQLITE_ERROR;
If it doesn't initialize it then tail will contain garbage and we'll happily dereference it.
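The failure mode described in the comment, shown as an added example that is not part of the bug report or of WebKit's code. It uses a constructed stand-in (`fake_db`, `fake_prepare_v2`) for `sqlite3_prepare_v2` so it builds without libsqlite3; the stand-in models only the contract at issue: on an unusable handle it returns an error code and never writes through `pzTail`. `prepare_hardened` is the corrected shape of the logic quoted above: `tail` starts as NULL so an untouched out-parameter is still a valid pointer, and `tail` is only inspected once the prepare call has succeeded.

```c
#include <stddef.h>
#include <string.h>

/* Return codes used below; the values match those in sqlite3.h. */
#define SQLITE_OK 0
#define SQLITE_ERROR 1
#define SQLITE_MISUSE 21

/* Constructed stand-in for a database handle: `usable` is 0 for a handle
 * that a real prepare call would reject up front. */
typedef struct { int usable; } fake_db;

/* Constructed stand-in for sqlite3_prepare_v2 (not the real SQLite API).
 * On a usable handle it "compiles" the first statement and points *pzTail
 * just past its terminating ';'. On an unusable handle it takes an early
 * error return without writing *pzTail, which is exactly the path that left
 * `tail` holding whatever was on the stack in the crash being discussed. */
static int fake_prepare_v2(fake_db* db, const char* sql, int nbyte,
                           void** stmt, const char** pzTail)
{
    (void)nbyte;
    if (!db || !db->usable)
        return SQLITE_MISUSE;            /* *pzTail deliberately untouched */

    const char* semi = strchr(sql, ';');
    *stmt = (void*)sql;                  /* stands in for a compiled statement */
    *pzTail = semi ? semi + 1 : sql + strlen(sql);
    return SQLITE_OK;
}

/* Hardened form of the prepare() logic. Two changes relative to the snippet
 * in the comment: `tail` is initialized, and it is only dereferenced after
 * the prepare call reported success. */
static int prepare_hardened(fake_db* db, const char* query)
{
    const char* tail = NULL;             /* never leave this uninitialized */
    void* stmt = NULL;
    int error = fake_prepare_v2(db, query, (int)strlen(query) + 1, &stmt, &tail);
    if (error != SQLITE_OK)
        return error;                    /* do not look at tail on failure */
    if (tail && *tail)                   /* leftover text: more than one statement */
        return SQLITE_ERROR;
    return SQLITE_OK;
}

int main(void)
{
    fake_db bad = { 0 };
    fake_db good = { 1 };
    /* Unusable handle: error is propagated, tail is never read. */
    int r1 = prepare_hardened(&bad, "SELECT 1;");
    /* Usable handle, single statement: accepted. */
    int r2 = prepare_hardened(&good, "SELECT 1;");
    /* Usable handle, trailing second statement: rejected via tail check. */
    int r3 = prepare_hardened(&good, "SELECT 1; SELECT 2;");
    return (r1 == SQLITE_MISUSE && r2 == SQLITE_OK && r3 == SQLITE_ERROR) ? 0 : 1;
}
```

Initializing `tail` alone would turn the crash into a silent "no trailing text" result on the error path; gating the `tail` check on `error == SQLITE_OK` is what makes the failure visible as the error code the prepare call actually returned.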