Commit b035e72f authored by adachan@apple.com

<rdar://problem/5757873> Buffer overrun in DeprecatedCString::find() in WebCore

        We could get a buffer overrun in DeprecatedCString::find() if the end of the
        string matches a beginning portion of the substring, for example, if string is
        "a" but the substring is "ab".
        The code as is also will not match things correctly under certain situations
        since the inner while loop increments the index. For example, we wouldn't find
        a match if the string is "aab..." and the substring is "ab".  Changed the 
        inner while loop to increment a temporary index into str.
        
        Test: fast/loader/charset-parse.html

        Reviewed by Dan Bernstein.

        * platform/DeprecatedCString.cpp:
        (WebCore::DeprecatedCString::find):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@30468 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent c93d9bf0
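To make the two defects in the description concrete, here is an added example (not WebKit's code) that re-implements the inner loop of `DeprecatedCString::find()` as it read before and after this commit, on plain NUL-terminated `char` arrays. The names `findOld`, `findNew`, `asciiLower` and the optional `tried` parameter are mine; the outer loop bound `while (index < len)` is an assumption, since the hunk below does not show it, and the stand-in for WebCore's `toASCIILower` only folds ASCII letters. The reconstruction reproduces the missed-match case ("ab" in "aab", and "charset" in "chcharset=..." as used by the test) and records which start positions each version actually examines; whether the out-of-bounds read the description mentions occurs depends on the real outer loop, which this reconstruction does not claim to reproduce.

```cpp
// Added example, not WebKit code: before/after reconstruction of the inner
// loop of DeprecatedCString::find(). Outer bound `while (index < len)` and
// asciiLower() are assumptions standing in for code the hunk does not show.
#include <cstdio>
#include <cstring>
#include <vector>

namespace {

// ASCII-only lowering, standing in for WebCore's toASCIILower (assumption).
inline char asciiLower(char c)
{
    return (c >= 'A' && c <= 'Z') ? static_cast<char>(c - 'A' + 'a') : c;
}

} // namespace

// Before the fix: the inner loop advances the shared `index`, so after a
// partial match the trailing `index++` resumes the scan past characters that
// were already compared and skips candidate start positions. `tried`, when
// given, receives every start position that was actually examined.
int findOld(const char* str, const char* sub, int index, bool cs, std::vector<int>* tried = nullptr)
{
    if (!str || !sub || index < 0)
        return -1;
    int len = static_cast<int>(std::strlen(str));
    int pos;
    char a, b;
    while (index < len) {                 // assumed outer bound
        if (tried)
            tried->push_back(index);
        pos = 0;
        if (cs)
            while ((a = sub[pos]) && (b = str[index]) && a == b)
                pos++, index++;
        else
            while ((a = sub[pos]) && (b = str[index]) && asciiLower(a) == asciiLower(b))
                pos++, index++;
        if (sub[pos] == 0)
            return index - pos;           // index already moved past the match
        index++;
    }
    return -1;
}

// After the fix: a temporary `posInStr` walks the candidate, so `index` moves
// exactly one character per outer iteration and no start position is skipped.
int findNew(const char* str, const char* sub, int index, bool cs, std::vector<int>* tried = nullptr)
{
    if (!str || !sub || index < 0)
        return -1;
    int len = static_cast<int>(std::strlen(str));
    int pos;
    char a, b;
    while (index < len) {                 // assumed outer bound
        if (tried)
            tried->push_back(index);
        pos = 0;
        int posInStr = index;
        if (cs)
            while ((a = sub[pos]) && (b = str[posInStr]) && a == b)
                pos++, posInStr++;
        else
            while ((a = sub[pos]) && (b = str[posInStr]) && asciiLower(a) == asciiLower(b))
                pos++, posInStr++;
        if (sub[pos] == 0)
            return index;                 // index still names the match start
        index++;
    }
    return -1;
}

// Stand-alone driver: prints both results for the cases from the description
// and from the test's second meta tag (constructed inputs).
int main()
{
    const char* cases[][2] = { { "aab", "ab" }, { "a", "ab" }, { "chcharset=windows-1255", "charset" } };
    for (const auto& c : cases) {
        std::vector<int> oldTried, newTried;
        int o = findOld(c[0], c[1], 0, true, &oldTried);
        int n = findNew(c[0], c[1], 0, true, &newTried);
        std::printf("find(\"%s\", \"%s\"): old=%d (tried %zu starts), new=%d (tried %zu starts)\n",
                    c[0], c[1], o, oldTried.size(), n, newTried.size());
    }
    return 0;
}
```

Running it shows the old loop examining only starts 0 and 2 of "aab", so the match at 1 is never attempted, while the fixed loop examines 0, 1 and returns 1; for the test's `chcharset=windows-1255` value the old code returns -1 and the fixed code returns 2.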
2008-02-21 Ada Chan <adachan@apple.com>
Test for <rdar://problem/5757873> Buffer overrun in DeprecatedCString::find() in WebCore
Reviewed by Dan Bernstein.
* fast/loader/charset-parse-expected.txt: Added.
* fast/loader/charset-parse.html: Added.
2008-02-21 Geoffrey Garen <ggaren@apple.com>
Reviewed by David Harrison.
This tests the parsing of charset in the meta tag. The following should be a Hebrew word:
עברית
<html>
<head>
<meta http-equiv="Content-Type" content=char>
<meta http-equiv="Content-Type" content="chcharset=windows-1255" />
<script>
if (window.layoutTestController)
layoutTestController.dumpAsText();
</script>
</head>
<body>
<p>This tests the parsing of charset in the meta tag. The following should be a Hebrew word:</p>
</body>
</html>
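Review bot: neither meta tag says which of the two cases from the description it targets, and it is not obvious from reading the file; a short HTML comment next to each would help. As written, `content=char` ends the value while "charset" is still matching (the "a" vs "ab" case), and `content="chcharset=windows-1255"` only resolves if the search resumes one character after the partial match at "ch" (the "aab" vs "ab" case). Since the expected output is just the Hebrew word, a regression in either path will surface as a mis-decoded string rather than an explicit failure message, which is acceptable for a dumpAsText test but worth stating in the comment.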
2008-02-21 Ada Chan <adachan@apple.com>
<rdar://problem/5757873> Buffer overrun in DeprecatedCString::find() in WebCore
We could get a buffer overrun in DeprecatedCString::find() if the end of the
string matches a beginning portion of the substring, for example, if string is
"a" but the substring is "ab".
The code as is also will not match things correctly under certain situations
since the inner while loop increments the index. For example, we wouldn't find
a match if the string is "aab..." and the substring is "ab". Changed the
inner while loop to increment a temporary index into str.
Test: fast/loader/charset-parse.html
Reviewed by Dan Berstein.
* platform/DeprecatedCString.cpp:
(WebCore::DeprecatedCString::find):
2008-02-21 David Hyatt <hyatt@apple.com>
Fix for bug 17301. CSS media queries need to use the correct viewport
......@@ -182,16 +182,17 @@ int DeprecatedCString::find(const char *sub, int index, bool cs) const
// compare until we reach the end or a mismatch
pos = 0;
int posInStr = index;
if( cs )
while( (a=sub[pos]) && (b=str[index]) && a==b )
pos++, index++;
while ((a = sub[pos]) && (b = str[posInStr]) && a == b)
pos++, posInStr++;
else
while( (a=sub[pos]) && (b=str[index]) && toASCIILower(a)==toASCIILower(b) )
pos++, index++;
while ((a = sub[pos]) && (b = str[posInStr]) && toASCIILower(a) == toASCIILower(b))
pos++, posInStr++;
// reached the end of our compare string without a mismatch?
if( sub[pos] == 0 )
return index - pos;
return index;
index ++;
}
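Review bot: with `index` no longer advanced inside the inner loops, the outer loop's termination condition (above line 182, not shown in this hunk) is the only thing bounding `index` before `str[posInStr]` is read; please confirm it checks `index` against the length or `str[index]`. The description attributes the overrun to the string ending mid-match, and the old lines show how: the inner loop left `index` on the terminator and the trailing `index ++;` stepped past it before the outer loop's next check. The new inner loops stop at the first NUL in either `sub` or `str`, so they cannot read past the terminator on their own, and replacing `return index - pos;` with `return index;` is the right adjustment because `index` now still points at the candidate start. A one-line comment at `int posInStr = index;` explaining why a temporary is used (the old code resumed at the mismatch point plus one and so missed "ab" in "aab") would help the next reader.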