Changeset 50545

Timestamp:
11/04/09 22:39:41 (4 months ago)
Author:
eric@webkit.org
Message:

2009-11-04 Dan Kegel <dank@chromium.org>

Reviewed by Alexey Proskuryakov.

Fix buffer overrun in WebCore::Page::userStyleSheetLocationChanged()
 https://bugs.webkit.org/show_bug.cgi?id=31138

Test: LayoutTests/platform/mac/fast/loader/user-stylesheet-fast-path.html in Valgrind

  • page/Page.cpp: (WebCore::Page::userStyleSheetLocationChanged):
Location:
trunk/WebCore
Files:
2 modified

  • trunk/WebCore/ChangeLog

    r50544 r50545  
     12009-11-04  Dan Kegel  <dank@chromium.org> 
     2 
     3        Reviewed by Alexey Proskuryakov. 
     4 
     5        Fix buffer overrun in WebCore::Page::userStyleSheetLocationChanged() 
     6        https://bugs.webkit.org/show_bug.cgi?id=31138 
     7 
     8        Test: LayoutTests/platform/mac/fast/loader/user-stylesheet-fast-path.html in Valgrind 
     9 
     10        * page/Page.cpp: 
     11        (WebCore::Page::userStyleSheetLocationChanged): 
     12 
    1132009-11-04  Timothy Hatcher  <timothy@apple.com> 
    214 
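
Review bot: the Test: line at new line 8 of the entry relies on running a layout test under Valgrind, and with only two files modified (ChangeLog and Page.cpp) no test is added here, so a regular test run gives no regression coverage for this overrun. The entry also does not record the cause; suggest one added line stating that the decoded buffer was passed to String::fromUTF8() without its length.
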
  • trunk/WebCore/page/Page.cpp

    r49413 r50545  
    543543        Vector<char> styleSheetAsUTF8; 
    544544        if (base64Decode(encodedData, styleSheetAsUTF8)) 
    545             m_userStyleSheet = String::fromUTF8(styleSheetAsUTF8.data()); 
     545            m_userStyleSheet = String::fromUTF8(styleSheetAsUTF8.data(), styleSheetAsUTF8.size()); 
    546546    } 
    547547
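
Review bot: the single-argument pattern removed at old line 545, String::fromUTF8(styleSheetAsUTF8.data()), can recur anywhere a Vector<char>::data() pointer is handed to an API that expects a NUL-terminated string, so it is worth auditing other callers of that overload for the same unbounded read. Separately, the visible lines show no else branch for the base64Decode() check at line 544; confirm that m_userStyleSheet is reset earlier in the function so a failed decode does not leave a previous sheet in place.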