Changeset 162544 in webkit


Timestamp:
Jan 22, 2014 11:55:11 AM (10 years ago)
Author:
commit-queue@webkit.org
Message:

Crashes in setTextForIterator
https://bugs.webkit.org/show_bug.cgi?id=127424

Patch by peavo@outlook.com <peavo@outlook.com> on 2014-01-22
Reviewed by Brent Fulgham.

  • platform/text/icu/UTextProviderLatin1.cpp:

(WebCore::uTextLatin1Clone): Provide correct buffer size in utext_setup function call.
(WebCore::uTextLatin1Access): Give correct buffer size to memset call.
(WebCore::openLatin1UTextProvider): Ditto.

Location:
trunk/Source/WebCore
Files:
2 edited

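--- a/trunk/Source/WebCore/ChangeLog
+++ b/trunk/Source/WebCore/ChangeLog
@@ -1,2 +1,14 @@
+2014-01-22  peavo@outlook.com  <peavo@outlook.com>
+
+        Crashes in setTextForIterator
+        https://bugs.webkit.org/show_bug.cgi?id=127424
+
+        Reviewed by Brent Fulgham.
+
+        * platform/text/icu/UTextProviderLatin1.cpp:
+        (WebCore::uTextLatin1Clone): Provide correct buffer size in utext_setup function call.
+        (WebCore::uTextLatin1Access): Give correct buffer size to memset call.
+        (WebCore::openLatin1UTextProvider): Ditto.
+
 2014-01-22  Jer Noble  <jer.noble@apple.com>
 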
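--- a/trunk/Source/WebCore/platform/text/icu/UTextProviderLatin1.cpp
+++ b/trunk/Source/WebCore/platform/text/icu/UTextProviderLatin1.cpp
@@ -68,5 +68,5 @@
         return 0;
 
-    UText* result = utext_setup(destination, sizeof(UChar) * (UTextWithBufferInlineCapacity + 1), status);
+    UText* result = utext_setup(destination, sizeof(UChar) * UTextWithBufferInlineCapacity, status);
     if (U_FAILURE(*status))
         return destination;
@@ -83,5 +83,5 @@
     result->pFuncs = &uTextLatin1Funcs;
     result->chunkContents = (UChar*)result->pExtra;
-    memset(const_cast<UChar*>(result->chunkContents), 0, sizeof(UChar) * (UTextWithBufferInlineCapacity + 1));
+    memset(const_cast<UChar*>(result->chunkContents), 0, sizeof(UChar) * UTextWithBufferInlineCapacity);
 
     return result;
@@ -133,5 +133,5 @@
             uText->chunkNativeLimit = length;
 
-        uText->chunkNativeStart = uText->chunkNativeLimit -  UTextWithBufferInlineCapacity;
+        uText->chunkNativeStart = uText->chunkNativeLimit - UTextWithBufferInlineCapacity;
         if (uText->chunkNativeStart < 0)
             uText->chunkNativeStart = 0;
@@ -229,5 +229,5 @@
     text->pFuncs = &uTextLatin1Funcs;
     text->chunkContents = (UChar*)text->pExtra;
-    memset(const_cast<UChar*>(text->chunkContents), 0, sizeof(UChar) * (UTextWithBufferInlineCapacity + 1));
+    memset(const_cast<UChar*>(text->chunkContents), 0, sizeof(UChar) * UTextWithBufferInlineCapacity);
 
     return text;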
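Review bot: The memset lengths at new lines 85 and 231 are still spelled out separately from the size passed to utext_setup, so the zeroing stays in bounds only as long as every copy of `sizeof(UChar) * UTextWithBufferInlineCapacity` is edited together; the utext_setup call that sizes `text->pExtra` for line 231 is outside the visible hunk, so that pairing cannot be confirmed here. Bounding the clear by the size ICU recorded for the buffer would tie the two together, e.g. `memset(const_cast<UChar*>(result->chunkContents), 0, result->extraSize);` and the same with `text->extraSize` at line 231, assuming `extraSize` reflects the pExtra allocation at those points. The changeset touches only the ChangeLog and this file, so a regression test for the crash (or a note on why one is not feasible) would be worth adding. All three functions begin and end outside the hunks shown.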