Changeset 233610 in webkit


Timestamp:
Jul 6, 2018 7:24:35 PM (6 years ago)
Author:
chris.reid@sony.com
Message:

[WinCairo] WebKit MiniBrowser crashes when attempting to navigate to certain URLs
https://bugs.webkit.org/show_bug.cgi?id=187167

Reviewed by Alex Christensen.

A null byte was written past the end of the buffer causing the crash.
Some of the heap allocated buffers were also not getting deleted.

  • MiniBrowser/win/WebKitBrowserWindow.cpp:
Location:
trunk/Tools
Files:
2 edited

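--- a/trunk/Tools/ChangeLog
+++ b/trunk/Tools/ChangeLog
@@ -1,2 +1,14 @@
+2018-07-06  Christopher Reid  <chris.reid@sony.com>
+
+        [WinCairo] WebKit MiniBrowser crashes when attempting to navigate to certain URLs
+        https://bugs.webkit.org/show_bug.cgi?id=187167
+
+        Reviewed by Alex Christensen.
+
+        A null byte was written past the end of the buffer causing the crash.
+        Some of the heap allocated buffers were also not getting deleted.
+
+        * MiniBrowser/win/WebKitBrowserWindow.cpp:
+
 2018-07-06  Thibault Saunier  <tsaunier@igalia.com>
 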
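--- a/trunk/Tools/MiniBrowser/win/WebKitBrowserWindow.cpp
+++ b/trunk/Tools/MiniBrowser/win/WebKitBrowserWindow.cpp
@@ -28,18 +28,14 @@
 #include "MiniBrowserLibResource.h"
 #include <WebKit/WKInspector.h>
+#include <vector>
 
 std::wstring
 createString(WKStringRef wkString)
 {
-    size_t maxSize = WKStringGetMaximumUTF8CStringSize(wkString);
-    char* utf8Buffer = new char[maxSize];
-    size_t utf8Length = WKStringGetUTF8CString(wkString, utf8Buffer, maxSize);
-
-    int wcharLength = MultiByteToWideChar(CP_UTF8, 0, utf8Buffer, utf8Length, 0, 0);
-    wchar_t* wcharBuffer = new wchar_t[wcharLength + 1];
-    MultiByteToWideChar(CP_UTF8, 0, utf8Buffer, utf8Length, wcharBuffer, wcharLength);
-    wcharBuffer[wcharLength] = L'\0';
-    std::wstring dest(wcharBuffer);
-    return dest;
+    size_t maxSize = WKStringGetLength(wkString);
+
+    std::vector<WKChar> wkCharBuffer(maxSize);
+    size_t actualLength = WKStringGetCharacters(wkString, wkCharBuffer.data(), maxSize);
+    return std::wstring(wkCharBuffer.data(), actualLength);
 }
 
@@ -50,14 +46,12 @@
 }
 
-std::string toUtf8(const wchar_t* src, size_t srcLength)
+std::vector<char> toNullTerminatedUTF8(const wchar_t* src, size_t srcLength)
 {
     int utf8Length = WideCharToMultiByte(CP_UTF8, 0, src, srcLength, 0, 0, nullptr, nullptr);
-    char* utf8Buffer = new char[utf8Length];
+    std::vector<char> utf8Buffer(utf8Length + 1);
     WideCharToMultiByte(CP_UTF8, 0, src, srcLength,
-        utf8Buffer, utf8Length, nullptr, nullptr);
+        utf8Buffer.data(), utf8Length, nullptr, nullptr);
     utf8Buffer[utf8Length] = '\0';
-    std::string dest(utf8Buffer);
-    delete[] utf8Buffer;
-    return dest;
+    return utf8Buffer;
 }
 
@@ -65,6 +59,6 @@
 createWKString(_bstr_t str)
 {
-    auto utf8 = toUtf8(str, str.length());
-    return adoptWK(WKStringCreateWithUTF8CString(utf8.c_str()));
+    auto utf8 = toNullTerminatedUTF8(str, str.length());
+    return adoptWK(WKStringCreateWithUTF8CString(utf8.data()));
 }
 
@@ -72,6 +66,6 @@
 createWKURL(_bstr_t str)
 {
-    auto utf8 = toUtf8(str, str.length());
-    return adoptWK(WKURLCreateWithUTF8CString(utf8.c_str()));
+    auto utf8 = toNullTerminatedUTF8(str, str.length());
+    return adoptWK(WKURLCreateWithUTF8CString(utf8.data()));
 }
 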
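Review bot: In `toNullTerminatedUTF8` the sizing `WideCharToMultiByte` call's result is used as the buffer length without a failure check, and the second call's return value is discarded. A failed conversion therefore appears to produce the same NUL-only buffer as an empty input, which `createWKString` and `createWKURL` pass on silently. `srcLength` is also narrowed from `size_t` to the API's `int` count; a guard before the first call, e.g. `if (srcLength > static_cast<size_t>(INT_MAX)) return std::vector<char>(1);`, would keep an oversized length from being reinterpreted. Because callers hand `utf8.data()` to C-string APIs, a NUL embedded in the `_bstr_t` truncates the resulting string or URL. I would record that above the helper with `// Returns UTF-8 bytes plus a trailing '\0'; size() includes the terminator, and C-string consumers stop at the first embedded NUL.`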