[Webkit-unassigned] [Bug 183347] [GTK] WebProcess from WebKitGtk+ 2.19.91 SIGSEVs in webkitAccessibleGetValueAndText() at Source/WebCore/accessibility/atk/WebKitAccessibleInterfaceValue.cpp:71

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Mar 5 17:43:12 PST 2018


https://bugs.webkit.org/show_bug.cgi?id=183347

--- Comment #2 from Michael Catanzaro <mcatanzaro at igalia.com> ---
It's crashing when retrieving a particular HTTP auth password from the keyring. It's probably triggered by visiting a particular website. If you know which website is triggering this (e.g. our intranet?) then you could investigate with seahorse and see if there is any weird data in the keyring.

I don't know about this one. The trap here is that passwordData might not be null-terminated if the data in the keyring has been modified from what WebKit originally set. I think the current code should be safe against that, because it's careful to use the size of the returned data, and it looks like it should also be safe if secret_value_get() returns null or has zero size. I guess I must be wrong about something here, though.

We could try null-checking passwordData. We could also try using secret_value_get_text() instead of secret_value_get() in order to get a null-terminated string and not have to use the length overload of String::fromUTF8. I think I would try both, for good measure. The downside of using flatpak is that now it's much harder to give you a debugging patch to try....

Let's see what Carlos thinks.
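An added example, not part of the original comment and not WebKit or libsecret code: a length-bounded conversion of a secret blob into a NUL-terminated string, covering the cases the comment lists (null pointer, zero size, data that is not NUL-terminated). SecretBlob and blob_to_cstring are hypothetical names standing in for the pointer and length that secret_value_get() returns; the sample buffers are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the (pointer, length) pair handed back by
 * secret_value_get(); this is not libsecret's own type. */
typedef struct {
    const char *data;   /* may be NULL; not guaranteed NUL-terminated */
    size_t length;      /* number of valid bytes at data */
} SecretBlob;

/* Copy a blob into a newly allocated NUL-terminated string.
 * Returns NULL when there is no data pointer or allocation fails.
 * A zero-length blob yields "". The copy stops at the first embedded
 * NUL so the result's strlen() matches the bytes actually kept. */
char *blob_to_cstring(const SecretBlob *blob)
{
    if (!blob || !blob->data)
        return NULL;

    /* memchr is bounded by length; strlen would read past the buffer
     * when the stored data carries no terminator. */
    const char *nul = memchr(blob->data, '\0', blob->length);
    size_t n = nul ? (size_t)(nul - blob->data) : blob->length;

    char *out = malloc(n + 1);
    if (!out)
        return NULL;
    memcpy(out, blob->data, n);
    out[n] = '\0';
    return out;
}

int main(void)
{
    /* Constructed sample: four bytes with no terminator, as keyring
     * data modified outside the application might look. */
    char raw[4] = { 'p', 'a', 's', 's' };
    SecretBlob blob = { raw, sizeof raw };

    char *text = blob_to_cstring(&blob);
    printf("%s\n", text ? text : "(no data)");
    free(text);
    return 0;
}
```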
