Crashes in setTextForIterator

https://bugs.webkit.org/show_bug.cgi?id=127424

Patch by peavo@outlook.com <peavo@outlook.com> on 2014-01-22
Reviewed by Brent Fulgham.

* platform/text/icu/UTextProviderLatin1.cpp:
(WebCore::uTextLatin1Clone): Provide correct buffer size in utext_setup function call.
(WebCore::uTextLatin1Access): Give correct buffer size to memset call.
(WebCore::openLatin1UTextProvider): Ditto.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@162544 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 6e2fdd9e
2014-01-22 peavo@outlook.com <peavo@outlook.com>
Crashes in setTextForIterator
https://bugs.webkit.org/show_bug.cgi?id=127424
Reviewed by Brent Fulgham.
* platform/text/icu/UTextProviderLatin1.cpp:
(WebCore::uTextLatin1Clone): Provide correct buffer size in utext_setup function call.
(WebCore::uTextLatin1Access): Give correct buffer size to memset call.
(WebCore::openLatin1UTextProvider): Ditto.
2014-01-22 Jer Noble <jer.noble@apple.com>
[Mac] MediaPlayerPrivateMediaSourceAVFObjC::load ASSERTs on lots of tests
......@@ -67,7 +67,7 @@ static UText* uTextLatin1Clone(UText* destination, const UText* source, UBool de
if (U_FAILURE(*status))
return 0;
UText* result = utext_setup(destination, sizeof(UChar) * (UTextWithBufferInlineCapacity + 1), status);
UText* result = utext_setup(destination, sizeof(UChar) * UTextWithBufferInlineCapacity, status);
if (U_FAILURE(*status))
return destination;
......@@ -82,7 +82,7 @@ static UText* uTextLatin1Clone(UText* destination, const UText* source, UBool de
result->a = source->a;
result->pFuncs = &uTextLatin1Funcs;
result->chunkContents = (UChar*)result->pExtra;
memset(const_cast<UChar*>(result->chunkContents), 0, sizeof(UChar) * (UTextWithBufferInlineCapacity + 1));
memset(const_cast<UChar*>(result->chunkContents), 0, sizeof(UChar) * UTextWithBufferInlineCapacity);
return result;
}
......@@ -132,7 +132,7 @@ static UBool uTextLatin1Access(UText* uText, int64_t index, UBool forward)
if (uText->chunkNativeLimit > length)
uText->chunkNativeLimit = length;
uText->chunkNativeStart = uText->chunkNativeLimit - UTextWithBufferInlineCapacity;
uText->chunkNativeStart = uText->chunkNativeLimit - UTextWithBufferInlineCapacity;
if (uText->chunkNativeStart < 0)
uText->chunkNativeStart = 0;
......@@ -228,7 +228,7 @@ UText* openLatin1UTextProvider(UTextWithBuffer* utWithBuffer, const LChar* strin
text->a = length;
text->pFuncs = &uTextLatin1Funcs;
text->chunkContents = (UChar*)text->pExtra;
memset(const_cast<UChar*>(text->chunkContents), 0, sizeof(UChar) * (UTextWithBufferInlineCapacity + 1));
memset(const_cast<UChar*>(text->chunkContents), 0, sizeof(UChar) * UTextWithBufferInlineCapacity);
return text;
}
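Review bot: The byte count `sizeof(UChar) * UTextWithBufferInlineCapacity` is written out separately in the utext_setup call and in the memset calls of uTextLatin1Clone and openLatin1UTextProvider, so the size requested and the size cleared can drift apart again. A memset larger than the space behind `pExtra` is an out-of-bounds write, which is presumably what the earlier `+ 1` caused (the page has lost its +/- markers, so this assumes the second line of each printed pair is the new side). I would name the size once, e.g. `static const size_t latin1ChunkBytes = sizeof(UChar) * UTextWithBufferInlineCapacity;`, use it at all three sites, and add the comment `// Clear exactly the extra space requested from utext_setup.` above each memset. A static_assert tying that constant to the inline buffer declared in UTextWithBuffer would catch a future mismatch at compile time. All three function bodies start or end outside the visible hunks, so the allocation that backs `pExtra` could not be checked here.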
......