[Webkit-unassigned] [Bug 126339] Path to font.config is hardcoded (non modifiable)

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Jan 10 04:03:38 PST 2014


https://bugs.webkit.org/show_bug.cgi?id=126339





--- Comment #2 from Grzegorz Czajkowski <g.czajkowski at samsung.com>  2014-01-10 04:01:19 PST ---
(From update of attachment 220156)
View in context: https://bugs.webkit.org/attachment.cgi?id=220156&action=review

> Tools/DumpRenderTree/efl/FontManagement.cpp:132
> +    const char* fontConfigFilename = buildPath(fontConfigPath(), "fonts.conf", 0).data();
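
Review bot: On the added line at FontManagement.cpp:132, data() is called directly on the value returned by buildPath(), so fontConfigFilename points into a temporary that no longer exists once the statement ends. Store the result of buildPath() in a named local that stays in scope for as long as the filename is used, and call data() on that local instead.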

I tested it locally and it caused a use-after-free condition. The data() method, which returns a pointer to a C string, is called on a temporary object. Although the temporary object is destroyed, we still refer to the pointer, which contains wrong data.
