Commit 243ab97a authored by japhet@chromium.org's avatar japhet@chromium.org

2011-01-20 Nate Chapin <japhet@chromium.org>

        Reviewed by Darin Fisher.

        [V8] Call malloc and memcpy directly instead
        of strdup in convertV8ObjectToNPVariant() when
        converting strings. If there is a null character
        in the string, our use of strdup causes us to allocate
        too little memory, leading to out of bounds reads.

        https://bugs.webkit.org/show_bug.cgi?id=52631

        * bindings/v8/V8NPUtils.cpp:
        (WebCore::convertV8ObjectToNPVariant):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@76264 268f45cc-cd09-0410-ab3c-d52691b4dbfc
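The failure mode the commit message describes, as an added C example that is not WebKit code: `copy_with_strdup` mirrors the old strdup path and `copy_with_length` the new malloc+memcpy path, run over a constructed UTF-8 buffer with an embedded NUL. `nbuf`, `sample_bytes` and `length_copy_is_complete` are names made up for this example, and the null check on malloc is the example's own addition.

```c
#define _POSIX_C_SOURCE 200809L  /* declares strdup */
#include <stdlib.h>
#include <string.h>

/* (chars, length) pair, standing in for what STRINGN_TO_NPVARIANT carries. */
struct nbuf { char *data; size_t len; };

/* Constructed sample: UTF-8 bytes with an embedded NUL at index 2; the
 * producer (v8::String::Utf8Value in the patch) reports the full length, 9. */
static const char sample_bytes[] = { 'h', 'i', '\0', 'x', 'y', 'z', 'a', 'b', 'c' };
static const size_t sample_len = sizeof(sample_bytes);

/* Pre-fix strategy: strdup() stops at the first NUL, so the copy holds only
 * the bytes before it, while the caller keeps pairing it with the original
 * length. That mismatch is the out-of-bounds read the commit describes. */
struct nbuf copy_with_strdup(const char *src)
{
    struct nbuf out = { NULL, 0 };
    out.data = strdup(src);
    if (out.data)
        out.len = strlen(out.data);      /* bytes really copied, minus the NUL */
    return out;
}

/* Post-fix strategy: allocate exactly reported_len bytes and memcpy them, so
 * embedded NULs survive. The malloc null check is this example's addition;
 * the committed hunk has none. */
struct nbuf copy_with_length(const char *src, size_t reported_len)
{
    struct nbuf out = { NULL, 0 };
    out.data = malloc(reported_len);
    if (!out.data)
        return out;
    memcpy(out.data, src, reported_len);
    out.len = reported_len;
    return out;
}

/* 1 when the length-based copy reproduces every sample byte, else 0. */
int length_copy_is_complete(void)
{
    struct nbuf b = copy_with_length(sample_bytes, sample_len);
    int ok = b.data && b.len == sample_len && !memcmp(b.data, sample_bytes, sample_len);
    free(b.data);
    return ok;
}
```

On the sample, the strdup copy holds 2 bytes while the consumer still believes it has 9; the length-based copy holds all 9.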
parent 30f524a6
2011-01-20 Nate Chapin <japhet@chromium.org>
Reviewed by Darin Fisher.
[V8] Call malloc and memcpy directly instead of
of strdup in convertV8ObjectToNPVariant() when
converting strings. If there is a null character
in the string, our use of strdup causes us to allocate
too little memory, leading to out of bounds reads.
https://bugs.webkit.org/show_bug.cgi?id=52631
* bindings/v8/V8NPUtils.cpp:
(WebCore::convertV8ObjectToNPVariant):
2011-01-20 Andreas Kling <kling@webkit.org>
 
Reviewed by Ariya Hidayat.
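Review bot: the ChangeLog entry has a doubled "of" across the line break ("Call malloc and memcpy directly instead of / of strdup in convertV8ObjectToNPVariant()"); drop the second "of" so the entry reads as one sentence.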
......@@ -63,8 +63,9 @@ void convertV8ObjectToNPVariant(v8::Local<v8::Value> object, NPObject* owner, NP
VOID_TO_NPVARIANT(*result);
else if (object->IsString()) {
v8::String::Utf8Value utf8(object);
char* utf8_chars = strdup(*utf8);
STRINGN_TO_NPVARIANT(utf8_chars, utf8.length(), *result);
char* utf8Chars = reinterpret_cast<char*>(malloc(utf8.length()));
memcpy(utf8Chars, *utf8, utf8.length());
STRINGN_TO_NPVARIANT(utf8Chars, utf8.length(), *result);
} else if (object->IsObject()) {
DOMWindow* window = V8Proxy::retrieveWindow(V8Proxy::currentContext());
NPObject* npobject = npCreateV8ScriptObject(0, v8::Handle<v8::Object>::Cast(object), window);
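Review bot: the malloc result at `char* utf8Chars = reinterpret_cast<char*>(malloc(utf8.length()));` goes straight into `memcpy(utf8Chars, *utf8, utf8.length());` with no null check, so an allocation failure becomes a null-pointer write rather than an error path; consider bailing out before the memcpy, bearing in mind that malloc(0) may legitimately return null for an empty string and should not be treated as a failure. A one-line comment saying that strdup is avoided on purpose because the UTF-8 data may contain embedded NUL bytes would also stop someone from "simplifying" this back to strdup later.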