[Webkit-unassigned] [Bug 188568] [GTK][WPE] Implement subprocess sandboxing

bugzilla-daemon at webkit.org
Tue Aug 21 17:50:18 PDT 2018


https://bugs.webkit.org/show_bug.cgi?id=188568

--- Comment #18 from Michael Catanzaro <mcatanzaro at igalia.com> ---
Best uncomment conditions.add('asan') in the jhbuildrc I gave you, because I see a heap use after free when starting Epiphany. The problem is in resolveAndCreateReadWriteDirectoryForSandboxExtension, where cpath points to the internal buffer of path.utf8(), which is a temporary that has already been destroyed when you check if (!cpath[0]) on the next line. The simplest solution would be to initialize cpath with path.utf8() rather than path.utf8().data(), so that it's a CString rather than a const char*.

But you don't really need it at all, since you can just check path.isEmpty() instead:

String resolveAndCreateReadWriteDirectoryForSandboxExtension(const String& path)
{
    if (path.isEmpty())
        return { };

    if (g_mkdir_with_parents(path.utf8().data(), 0700) == -1) {
        g_warning("Could not create directory \"%s\": %s", path.utf8().data(), g_strerror(errno));
        return { };
    }

    return path;
}

BTW, I still think you should duplicate code rather than implement Sandbox Extension.

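The lifetime problem described in the comment above, as an added example that is not part of the bug report or of WebKit's code: a toy String/CString pair (names chosen to mirror WTF's, but purely an assumption here) that counts live CString objects, so the dangling pattern `const char* cpath = path.utf8().data();` can be detected without ever dereferencing the stale pointer.

```cpp
// Added example, not WebKit code: toy String/CString types that count live
// CString objects to show why a raw pointer from a temporary dangles.
#include <cstring>
#include <string>
#include <utility>

struct CString {
    static int liveCount;                  // how many CString objects exist right now
    std::string buffer;
    explicit CString(std::string s) : buffer(std::move(s)) { ++liveCount; }
    CString(const CString& o) : buffer(o.buffer) { ++liveCount; }
    ~CString() { --liveCount; }
    const char* data() const { return buffer.c_str(); }   // points INTO this object
};
int CString::liveCount = 0;

struct String {
    std::string value;
    bool isEmpty() const { return value.empty(); }
    CString utf8() const { return CString(value); }       // returns a temporary
};

// Buggy pattern from the comment: the CString temporary is destroyed at the end
// of the full expression, so cpath points into storage that no longer belongs
// to any object. Returns true when the temporary is already gone while cpath is
// still in scope (the pointer is never dereferenced, so no UB here).
bool dataPointerDanglesAfterTemporary()
{
    String path{"/tmp/example"};
    const char* cpath = path.utf8().data();
    bool temporaryDestroyed = (CString::liveCount == 0);
    (void)cpath;                           // would be a use-after-free if read
    return temporaryDestroyed;
}

// Suggested fix: bind the CString by value so the buffer lives until scope exit.
bool cstringValueKeepsBufferAlive()
{
    String path{"/tmp/example"};
    CString cpath = path.utf8();
    return CString::liveCount == 1 && std::strcmp(cpath.data(), "/tmp/example") == 0;
}
```

The even simpler fix from the comment, checking path.isEmpty() directly, avoids holding any pointer at all.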