[Webkit-unassigned] [Bug 190139] New: [WPE] fix buffer over-read in RenderThemeWPE::mediaControlsStyleSheet()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Oct 1 08:01:41 PDT 2018


https://bugs.webkit.org/show_bug.cgi?id=190139

            Bug ID: 190139
           Summary: [WPE] fix buffer over-read in
                    RenderThemeWPE::mediaControlsStyleSheet()
           Product: WebKit
           Version: Other
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit WPE
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: olivier.blin at softathome.com
                CC: bugs-noreply at webkitgtk.org, mcatanzaro at igalia.com,
                    yusukesuzuki at slowstart.org, zan at falconsigh.net

Like done for EFL in r210213, see https://bugs.webkit.org/show_bug.cgi?id=166622

This has been detected by a charactersAreAllASCII() assert failure.

This is because ASCIILiteral() is wrongly used in mediaControlsStyleSheet().
mediaControlsBaseUserAgentStyleSheet is a char array, not a null-terminated string.
It is thus incorrect to use StringImpl::createFromLiteral() that calls strlen() to get the string length.

The String::ConstructFromLiteral constructor cannot be used, since it skips the last character.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20181001/304cbe91/attachment.html>
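The following is an added illustration of the failure mode described in the report, not code from WebKit or from the reporter. It assumes the layout the report describes: a generated stylesheet array without a trailing NUL plus a separate length constant (the array contents here are constructed, and fromLiteral/fromCharArray are stand-ins for the literal-based and explicit-length constructions, not WTF's real API). It shows why a literal-style constructor drops the last byte, why strlen() would run past the array, and that only the explicit length gives the right string.

```cpp
#include <cstddef>
#include <cstring>
#include <iostream>
#include <string>

// Constructed stand-in for the generated stylesheet array: the bytes of the
// .css file with NO trailing NUL, plus a separate length constant. The names
// mirror the bug report; the contents are made up for this example.
static const char mediaControlsBaseUserAgentStyleSheet[] = {
    'a', 'u', 'd', 'i', 'o', ' ', '{', ' ', 'w', 'i', 'd', 't', 'h', ':', ' ',
    '3', '0', '0', 'p', 'x', ';', ' ', '}'
};
static const unsigned mediaControlsBaseUserAgentStyleSheetLength =
    sizeof(mediaControlsBaseUserAgentStyleSheet);

// Hypothetical literal-style constructor: it assumes the array is a string
// literal, so it treats the last element as the NUL terminator and drops it.
// Correct for "abc" (4 bytes, 3 characters), wrong for a plain char array.
template <size_t N>
std::string fromLiteral(const char (&lit)[N]) {
    return std::string(lit, N - 1);
}

// The correct construction for a char array: take the length explicitly and
// never assume a terminator exists.
std::string fromCharArray(const char* data, size_t length) {
    return std::string(data, length);
}

// Returns true only if a NUL byte exists within the n bytes actually owned,
// i.e. strlen(p) would stop inside the buffer instead of reading past it.
bool safeForStrlen(const char* p, size_t n) {
    return std::memchr(p, '\0', n) != nullptr;
}

// Literal-style construction on the stylesheet array: silently loses the
// final '}' because there is no terminator to skip.
std::string stylesheetViaLiteral() {
    return fromLiteral(mediaControlsBaseUserAgentStyleSheet);
}

// Explicit-length construction: the full stylesheet, terminator or not.
std::string stylesheetViaLength() {
    return fromCharArray(mediaControlsBaseUserAgentStyleSheet,
                         mediaControlsBaseUserAgentStyleSheetLength);
}

// A strlen()-based constructor (as in the report) would over-read here.
bool stylesheetIsSafeForStrlen() {
    return safeForStrlen(mediaControlsBaseUserAgentStyleSheet,
                         mediaControlsBaseUserAgentStyleSheetLength);
}

// Sanity check that the literal-style constructor is fine for a real literal.
bool literalWorksForRealLiteral() {
    static const char realLiteral[] = "audio { display: none; }";
    return fromLiteral(realLiteral) == std::string("audio { display: none; }")
        && safeForStrlen(realLiteral, sizeof(realLiteral));
}

int main() {
    std::cout << "literal-style : [" << stylesheetViaLiteral() << "]\n";
    std::cout << "explicit-length: [" << stylesheetViaLength() << "]\n";
    std::cout << "strlen safe   : " << (stylesheetIsSafeForStrlen() ? "yes" : "no") << "\n";
    return 0;
}
```

The practical check is the last one: any constructor that derives the length from strlen() or from sizeof-minus-one needs a terminator the generated array does not have, so the only sound option for such data is to pass the generated length constant explicitly.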