Changeset 210357 in webkit


Timestamp:
Jan 5, 2017 9:30:57 AM (7 years ago)
Author:
commit-queue@webkit.org
Message:

[SOUP] AddressSanitizer: heap-use-after-free under WTF::String::fromUTF8()
https://bugs.webkit.org/show_bug.cgi?id=166722

Patch by Milan Crha <mcrha@redhat.com> on 2017-01-05
Reviewed by Alex Christensen.

  • platform/soup/PublicSuffixSoup.cpp:

(WebCore::topPrivatelyControlledDomain):
Use a variable to hold UTF-8 version of the domain, because
the soup_tld_get_base_domain() returns a pointer into the passed-in
string, which could be freed due to the temporary object being freed.

Location:
trunk/Source/WebCore
Files:
2 edited

  • trunk/Source/WebCore/ChangeLog

    r210330 r210357  
     12017-01-05  Milan Crha  <mcrha@redhat.com>
     2
     3        [SOUP] AddressSanitizer: heap-use-after-free under WTF::String::fromUTF8()
     4        https://bugs.webkit.org/show_bug.cgi?id=166722
     5
     6        Reviewed by Alex Christensen.
     7
     8        * platform/soup/PublicSuffixSoup.cpp:
     9        (WebCore::topPrivatelyControlledDomain):
     10        Use a variable to hold UTF-8 version of the domain, because
     11        the soup_tld_get_base_domain() returns a pointer into the passed-in
     12        string, which could be freed due to the temporary object being freed.
     13
    1142017-01-05  Andreas Kling  <akling@apple.com>
    215
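Review bot: the new entry (ChangeLog lines 10-12) explains the lifetime problem but says nothing about test coverage. State either which existing test reaches topPrivatelyControlledDomain() under AddressSanitizer or that no new test is needed and why, so the heap-use-after-free report in the title can be tied to something reproducible.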
  • trunk/Source/WebCore/platform/soup/PublicSuffixSoup.cpp

    r186023 r210357  
    4848
    4949    GUniqueOutPtr<GError> error;
    50     if (const char* baseDomain = soup_tld_get_base_domain(domain.utf8().data(), &error.outPtr()))
     50    CString domainUTF8 = domain.utf8();
     51    if (const char* baseDomain = soup_tld_get_base_domain(domainUTF8.data(), &error.outPtr()))
    5152        return String::fromUTF8(baseDomain);
    5253
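Review bot: at the added `CString domainUTF8 = domain.utf8();` line, nothing in the code records why the local exists, so a later cleanup could fold it back into the soup_tld_get_base_domain() call and reintroduce the dangling pointer. Add a short comment there noting that soup_tld_get_base_domain() returns a pointer into the string it is given, so domainUTF8 has to stay alive until `String::fromUTF8(baseDomain)` has copied the result. Declaring the local in the enclosing scope rather than inside the if condition is what keeps the buffer valid through the return, and the comment should make that dependency explicit.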