diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog index 971ab6906d6791ef42b61df244121537a161df9c..221be63d831288e5be3728458b3eecc2ce1f5a44 100644 --- a/LayoutTests/ChangeLog +++ b/LayoutTests/ChangeLog @@ -1,3 +1,15 @@ +2012-10-15 Jay Civelli + + Calling WebCore::SharedBuffer::append(data, 0) on a shared buffer when + its current position is at a segment boundary (4096) ends up adding an + unitialized segment (with uninitialized memory) to the SharedBuffer. + https://bugs.webkit.org/show_bug.cgi?id=99000 + + Reviewed by Adam Barth. + + * mhtml/shared_buffer_bug-expected.txt: Added. + * mhtml/shared_buffer_bug.mht: Added. + 2012-10-15 Luke Macpherson Make CSS variable names case-insensitive. diff --git a/LayoutTests/mhtml/shared_buffer_bug-expected.txt b/LayoutTests/mhtml/shared_buffer_bug-expected.txt new file mode 100644 index 0000000000000000000000000000000000000000..ab049b6affe99e51a69ae3e6104452e02014ae73 --- /dev/null +++ b/LayoutTests/mhtml/shared_buffer_bug-expected.txt @@ -0,0 +1,2 @@ +This is a test for a bug in SharedBuffer. + diff --git a/LayoutTests/mhtml/shared_buffer_bug.mht b/LayoutTests/mhtml/shared_buffer_bug.mht new file mode 100644 index 0000000000000000000000000000000000000000..7a5937cc58fa1546d8d2be46feac2f2d685c719c --- /dev/null +++ b/LayoutTests/mhtml/shared_buffer_bug.mht @@ -0,0 +1,176 @@ +From: +Subject: +Date: Sat, 12 Oct 2012 10:15:17 -0700 +MIME-Version: 1.0 +Content-Type: multipart/related; + type="text/html"; + boundary="----=_NextPart_000_7387_D22A981E.ADD1887E" + +------=_NextPart_000_7387_D22A981E.ADD1887E +Content-Type: text/html +Content-Transfer-Encoding: quoted-printable +Content-Location: http://localhost/sharred_buffer_bug.html + + + + + + + + + This is a test for a bug in SharedBuffer. +

This text should not be shown

+ + + + +------=_NextPart_000_7387_D22A981E.ADD1887E +Content-Type: text/css +Content-Transfer-Encoding: quoted-printable +Content-Location: http://localhost/resources/style.css + +/* +The point is to reach a size of n * 4096 bytes (with n > 1) +followed by a blank line to trigger a bug in SharredBuffer. + +Let's go: +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 
+012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 
+012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 
+012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 
+012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +012345678901234567890123456789012345678901234567890123456789 +*/ + + +h1 { visibility: hidden; } + +------=_NextPart_000_7387_D22A981E.ADD1887E-- diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog index 2208f94f63731b129c75137cc4839a6d82239a5c..2354ebb04ab246022b293c052388aef2daface9e 100644 --- a/Source/WebCore/ChangeLog +++ b/Source/WebCore/ChangeLog @@ -1,3 +1,15 @@ +2012-10-15 Jay Civelli + + Calling WebCore::SharedBuffer::append(data, 0) on a shared buffer when + its current position is at a segment boundary (4096) ends up adding an + unitialized segment (with uninitialized memory) to the SharedBuffer. + https://bugs.webkit.org/show_bug.cgi?id=99000 + + Reviewed by Adam Barth. + + * platform/SharedBuffer.cpp: + (WebCore::SharedBuffer::append): + 2012-10-15 Luke Macpherson Make CSS variable names case-insensitive. diff --git a/Source/WebCore/platform/SharedBuffer.cpp b/Source/WebCore/platform/SharedBuffer.cpp index de5f71dc2e3b966a558a23e8a244f07db98a50f2..ed03a629ea3867339123964755b103ce9d8a3cb1 100644 --- a/Source/WebCore/platform/SharedBuffer.cpp +++ b/Source/WebCore/platform/SharedBuffer.cpp @@ -148,6 +148,8 @@ void SharedBuffer::append(SharedBuffer* data) void SharedBuffer::append(const char* data, unsigned length) { ASSERT(!m_purgeableBuffer); + if (!length) + return; maybeTransferPlatformData();
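Review bot: The padding comment in the text/css part of shared_buffer_bug.mht is what makes this a regression test, but nothing pins its size. By the comment's own description, the fixture only reaches the zero-length append when the part lands exactly on an n * 4096 byte boundary followed by a blank line, so a later edit to the comment, or presumably a line-ending conversion of the file, would leave the test passing without covering the bug. I would record the intended byte count in the comment itself, e.g. `Padding must bring this part to exactly <N> * 4096 bytes; do not edit or reflow.`, with `<N>` filled in from the real fixture. `SharredBuffer` in the comment and `sharred_buffer_bug.html` in the Content-Location header are misspelled. Because the defect exposes uninitialized memory, a direct check that `size()` is unchanged after `append(data, 0)` at a segment boundary would be a more deterministic guard than the rendered text dump.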