[Webkit-unassigned] [Bug 187239] New: [WPE][GTK] Use after free in xdgmime
bugzilla-daemon at webkit.org
Sun Jul 1 19:54:00 PDT 2018
https://bugs.webkit.org/show_bug.cgi?id=187239
Bug ID: 187239
Summary: [WPE][GTK] Use after free in xdgmime
Product: WebKit
Version: Other
Hardware: PC
OS: Linux
Status: NEW
Severity: Normal
Priority: P2
Component: WebKit Gtk
Assignee: webkit-unassigned at lists.webkit.org
Reporter: mcatanzaro at igalia.com
CC: bugs-noreply at webkitgtk.org
Chromium has this patch to xdgmime:
diff --git a/base/third_party/xdg_mime/xdgmime.c b/base/third_party/xdg_mime/xdgmime.c
index c7b16bb..6dc58c2 100644
--- a/base/third_party/xdg_mime/xdgmime.c
+++ b/base/third_party/xdg_mime/xdgmime.c
@@ -558,13 +558,13 @@ xdg_mime_get_mime_type_for_file (const char *file_name,
mime_type = _xdg_mime_magic_lookup_data (global_magic, data, bytes_read, NULL,
mime_types, n);
- free (data);
fclose (file);
- if (mime_type)
- return mime_type;
+ if (!mime_type)
+ mime_type = _xdg_binary_or_text_fallback(data, bytes_read);
- return _xdg_binary_or_text_fallback(data, bytes_read);
+ free (data);
+ return mime_type;
}
const char *
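Review bot: the reordering is the right fix for the use-after-free: in the old code `free (data)` runs before the fallback path calls `_xdg_binary_or_text_fallback(data, bytes_read)`, so the fallback reads a freed buffer; in the new code both lookups run before `free (data)`. The fix is only correct if neither `_xdg_mime_magic_lookup_data` nor `_xdg_binary_or_text_fallback` returns a pointer that aliases `data` (the returned `mime_type` is used after the free), so that assumption is worth stating in the commit message. Minor style point: `fclose (file)` could stay next to `free (data)` at the end so all cleanup of the file and its buffer happens in one place.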
I'm pretty sure this code is never executed by either Chromium or WebKit, but I'm not comfortable with leaving it broken, so we should include this patch. It has been submitted to upstream at https://bugs.freedesktop.org/show_bug.cgi?id=100733, but the maintainer has indicated a disinterest in continuing to maintain upstream xdgmime, probably because it is xdgmime.