Changeset 126089 in webkit


Timestamp:
Aug 20, 2012 4:39:39 PM (12 years ago)
Author:
Nate Chapin
Message:

Unsafe vsprintf usage in TestNetscapePlugin
https://bugs.webkit.org/show_bug.cgi?id=94522

Reviewed by Adam Barth.

  • DumpRenderTree/TestNetscapePlugIn/PluginObject.cpp:

(pluginLogWithArguments): Using vsnprintf instead of vsprintf to ensure we don't overflow the message buffer.

(testDocumentOpen):
(testWindowOpen):

Location:
trunk/Tools
Files:
2 edited

  • trunk/Tools/ChangeLog

    r126079 r126089  
     12012-08-20  Nate Chapin  <japhet@chromium.org>
     2
     3        Unsafe vsprintf usage in TestNetscapePlugin
     4        https://bugs.webkit.org/show_bug.cgi?id=94522
     5
     6        Reviewed by Adam Barth.
     7
     8        * DumpRenderTree/TestNetscapePlugIn/PluginObject.cpp:
     9        (pluginLogWithArguments): Using vsnprintf instead of vsprintf to ensure we don't overflow
     10            the message buffer.
     11        (testDocumentOpen):
     12        (testWindowOpen):
     13
    1142012-08-20  George Staikos  <staikos@webkit.org>
    215
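Review bot: The (testDocumentOpen) and (testWindowOpen) entries on new lines 11 and 12 have no description, and the entry never mentions that pluginLogWithWindowObjectVariableArgs is deleted from PluginObject.cpp. Add a short note to each, for example that both now call pluginLogWithWindowObject directly with a literal message, and record the helper's removal, so the log explains why two test functions changed in a patch described as a vsprintf fix.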
  • trunk/Tools/DumpRenderTree/TestNetscapePlugIn/PluginObject.cpp

    r124705 r126089  
    6161}
    6262
    63 // Helper function which takes in the plugin window object for logging to the console object. This function supports variable
    64 // arguments.
    65 static void pluginLogWithWindowObjectVariableArgs(NPObject* windowObject, NPP instance, const char* format, ...)
    66 {
    67     va_list args;
    68     va_start(args, format);
    69     char message[2048] = "PLUGIN: ";
    70     vsprintf(message + strlen(message), format, args);
    71     va_end(args);
    72 
    73     pluginLogWithWindowObject(windowObject, instance, message);
    74 }
    75              
    7663void pluginLogWithArguments(NPP instance, const char* format, va_list args)
    7764{
    78     char message[2048] = "PLUGIN: ";
    79     vsprintf(message + strlen(message), format, args);
     65    const size_t messageBufferSize = 2048;
     66    char message[messageBufferSize] = "PLUGIN: ";
     67    int messageLength = sizeof("PLUGIN: ") - 1;
     68    messageLength += vsnprintf(message + messageLength, messageBufferSize - 1 - messageLength, format, args);
     69    message[messageLength] = '\0';
    8070
    8171    NPObject* windowObject = 0;
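Review bot: The return value of vsnprintf on new line 68 is added to messageLength without a range check, so the terminator write on new line 69, `message[messageLength] = '\0';`, can still land outside the buffer. C99 vsnprintf returns the length the formatted output would have had if it were not truncated, not the number of bytes stored, so a long expansion of format pushes messageLength past messageBufferSize; a negative return on a formatting error moves it backwards into the "PLUGIN: " prefix. Check the result before using it as an index: treat a negative value as zero bytes written and clamp anything larger than the remaining space to that space. A simpler alternative is to pass the full remaining size, `messageBufferSize - messageLength`, and drop line 69, since a conforming vsnprintf null-terminates whenever the size is nonzero. messageLength is also an int while messageBufferSize is a size_t, so the subtraction in the size argument mixes signed and unsigned; making both the same type avoids a surprise if the arithmetic ever goes negative.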
     
    937927    }
    938928
    939     pluginLogWithWindowObjectVariableArgs(windowObject, npp, "DOCUMENT OPEN SUCCESS");
     929    pluginLogWithWindowObject(windowObject, npp, "PLUGIN: DOCUMENT OPEN SUCCESS");
    940930    notifyTestCompletion(npp, result.value.objectValue);
    941931    browser->releaseobject(result.value.objectValue);
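Review bot: The call on new line 929 hard-codes the "PLUGIN: " prefix inside the string literal, duplicating the prefix that pluginLogWithArguments builds into its buffer; the WINDOW OPEN SUCCESS call on new line 961 does the same. If the prefix ever changes, these call sites will silently diverge from the rest of the plugin log output that tests compare against. Consider a single shared constant for the prefix, or a small non-variadic wrapper that prepends it, so the literal appears in one place.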
     
    969959    }
    970960
    971     pluginLogWithWindowObjectVariableArgs(windowObject, npp, "WINDOW OPEN SUCCESS");
     961    pluginLogWithWindowObject(windowObject, npp, "PLUGIN: WINDOW OPEN SUCCESS");
    972962    notifyTestCompletion(npp, result.value.objectValue);
    973963    browser->releaseobject(result.value.objectValue);