[Webkit-unassigned] [Bug 211131] [WPE][GTK] Paths should be canonicalized before calling bwrap
bugzilla-daemon at webkit.org
Wed Feb 23 14:14:11 PST 2022
https://bugs.webkit.org/show_bug.cgi?id=211131
--- Comment #10 from apteryx <maxim.cournoyer at gmail.com> ---
>
> > Source/WebKit/ChangeLog:3
> > + Canonicalize source paths passed to bindIfExists in BubbleWrap launcher
>
> This line should match the title of the bug:
>
>
> [WPE][GTK] Paths should be canonicalized before calling bwrap
Fixed.
> > Source/WebKit/ChangeLog:6
> > + Reviewed by Michael Catanzaro and Adrian Perez.
>
> Please don't fill this out yourself unless you've actually received r+. Just
> leave it saying NOBODY (OOPS!). Confusing, I know....
OK! I wasn't sure. Fixed.
> > Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp:172
> > + const char* rpath = realPath.utf8().data();
> > + args.appendVector(Vector<CString>({ bindOption, rpath, rpath }));
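Review bot: On the `const char* rpath = realPath.utf8().data();` line, rpath points into the temporary CString returned by utf8(), and that temporary is destroyed at the end of the statement, so the appendVector call on the following line reads freed memory. Keep the CString in a named local that lives past the call, for example `CString rpath = realPath.utf8();`, and build the vector from it. Since the vector's element type is already CString, the local can be passed as is.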
>
> This is a use-after-free again. The temporary utf8() is out of scope, so
> rpath is dangling here. You must own the memory somehow. Probably the
> easiest way is to change rpath to be a CString:
>
> CString rpath = realPath.utf8();
> args.appendVector(Vector<CString>({ bindOption, rpath.data(), rpath.data() }));
>
> I think that would work.
Tricky! I'm still not sure I fully understand; but I've used your suggestion.
Thank you!