[Webkit-unassigned] [Bug 190139] New: [WPE] fix buffer over-read in RenderThemeWPE::mediaControlsStyleSheet()
bugzilla-daemon at webkit.org
Mon Oct 1 08:01:41 PDT 2018
https://bugs.webkit.org/show_bug.cgi?id=190139
Bug ID: 190139
Summary: [WPE] fix buffer over-read in RenderThemeWPE::mediaControlsStyleSheet()
Product: WebKit
Version: Other
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: WebKit WPE
Assignee: webkit-unassigned at lists.webkit.org
Reporter: olivier.blin at softathome.com
CC: bugs-noreply at webkitgtk.org, mcatanzaro at igalia.com, yusukesuzuki at slowstart.org, zan at falconsigh.net
Like done for EFL in r210213, see https://bugs.webkit.org/show_bug.cgi?id=166622
This has been detected by a charactersAreAllASCII() assert failure.
This is because ASCIILiteral() is wrongly used in mediaControlsStyleSheet().
mediaControlsBaseUserAgentStyleSheet is a char array, not a null-terminated string.
It is thus incorrect to use StringImpl::createFromLiteral(), which calls strlen() to get the string length.
The String::ConstructFromLiteral constructor cannot be used, since it skips the last character.
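The length problem described in the report, as an added C++ example that is not WebKit code and not part of the original message: `sheetBlob`, `sheetLiteral` and the three helper functions are hypothetical names, and `std::string` stands in for WTF::String. It shows why a char array without a terminator must be measured with `sizeof`, and why a constructor that assumes a trailing NUL drops the last real character.

```cpp
#include <cstddef>
#include <cstring>
#include <iostream>
#include <string>

// Constructed stand-in for a generated style sheet blob: initialised
// element by element, so the array has NO trailing '\0'.
static const char sheetBlob[] = { 'a', '{', 'b', ':', 'c', '}' };

// The same text as a string literal: the compiler appends '\0',
// so sizeof is one larger than the text length.
static const char sheetLiteral[] = "a{b:c}";

// True when a terminator exists inside the array's own bounds.
// memchr is limited to N bytes; strlen() has no such limit and
// reads past the end of an unterminated array.
template <std::size_t N>
bool hasTerminator(const char (&data)[N])
{
    return std::memchr(data, '\0', N) != nullptr;
}

// Hypothetical model of a "from literal" constructor: it assumes the
// last element is the '\0' and therefore copies N - 1 characters.
template <std::size_t N>
std::string fromLiteralAssumingNul(const char (&data)[N])
{
    return std::string(data, N - 1);
}

// Correct for an unterminated blob: the length is the array size.
template <std::size_t N>
std::string fromSizedArray(const char (&data)[N])
{
    return std::string(data, N);
}

int main()
{
    std::cout << "blob terminated:    " << hasTerminator(sheetBlob) << '\n';
    std::cout << "literal terminated: " << hasTerminator(sheetLiteral) << '\n';
    // The literal-style constructor truncates the blob by one character.
    std::cout << "N-1 on blob:        " << fromLiteralAssumingNul(sheetBlob) << '\n';
    std::cout << "sizeof on blob:     " << fromSizedArray(sheetBlob) << '\n';
    return 0;
}
```
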