[Webkit-unassigned] [Bug 127424] Crashes in setTextForIterator
bugzilla-daemon at webkit.org
Wed Jan 22 10:15:49 PST 2014
https://bugs.webkit.org/show_bug.cgi?id=127424
--- Comment #4 from peavo at outlook.com 2014-01-22 10:13:19 PST ---
(In reply to comment #3)
> (From update of attachment 221864 [details])
> I'd like better understanding of why we are off by one here. Are some routines expecting the buffer to hold a null termination? I notice that most of the uses of UTextWIthBufferInlineCapacity are actually "UTextWithBufferInlineCapacity + 1" (for memsets, etc.) Is that where the crash was occurring?
No, the crash occurs at the end of setTextForIterator, because runtime checks detect that we have written past a stack variable (UTextWithBuffer textLocal, in setTextForIterator) and damaged the stack.
It is the memset that writes past the stack variable.
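The failure mode discussed in this thread, a memset of "capacity + 1" bytes into an inline buffer that only holds "capacity" bytes, reproduced as an added C example that is not WebKit's code. The capacity value, the frame layout and the canary are constructed here so that the write stays inside one object; the canary plays the role of the compiler's stack-check cookie that caught the corruption in setTextForIterator.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the inline capacity; not WebKit's actual value. */
enum { kDemoInlineCapacity = 16 };
#define DEMO_CANARY 0xDEADBEEFu

/* The inline buffer followed by a canary, kept in one flat array so that the
 * simulated overflow remains inside a single object (no undefined behaviour). */
typedef struct {
    unsigned char bytes[kDemoInlineCapacity + sizeof(uint32_t)];
} demo_frame;

static void frame_init(demo_frame *f) {
    uint32_t c = DEMO_CANARY;
    memset(f->bytes, 0xAA, kDemoInlineCapacity);           /* "live" contents */
    memcpy(f->bytes + kDemoInlineCapacity, &c, sizeof c);   /* guard value    */
}

static int frame_canary_intact(const demo_frame *f) {
    uint32_t c;
    memcpy(&c, f->bytes + kDemoInlineCapacity, sizeof c);
    return c == DEMO_CANARY;
}

/* Mirrors the bug: clear `len` bytes without checking against the buffer size.
 * Returns 1 if the canary survived, 0 if it was clobbered, -1 if `len` would
 * leave even the demo frame (so the demo itself never writes out of bounds). */
int clear_unchecked(size_t len) {
    demo_frame f;
    frame_init(&f);
    if (len > sizeof f.bytes) return -1;
    memset(f.bytes, 0, len);
    return frame_canary_intact(&f);
}

/* Hardened variant: a length beyond the real capacity is rejected up front. */
int clear_checked(size_t len) {
    demo_frame f;
    frame_init(&f);
    if (len > kDemoInlineCapacity) return -1;
    memset(f.bytes, 0, len);
    return frame_canary_intact(&f);
}

int main(void) {
    printf("capacity     -> canary intact: %d\n", clear_unchecked(kDemoInlineCapacity));
    printf("capacity + 1 -> canary intact: %d\n", clear_unchecked(kDemoInlineCapacity + 1));
    printf("checked clear of capacity + 1 returns: %d\n", clear_checked(kDemoInlineCapacity + 1));
    return 0;
}
```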