[Pkg-chromium-commit] chromium-browser/chromium-browser.squeeze: 716 [69640] Medium Out-of-bounds read in text searching. Credit to Kostya

Giuseppe Iuculano iuculano at debian.org
Thu Mar 3 15:37:33 UTC 2011


Branch name: chromium-browser/chromium-browser.squeeze
Branch location : bzr+ssh://bzr.debian.org/bzr/pkg-chromium/chromium-browser/chromium-browser.squeeze
Browse location: http://bzr.debian.org/loggerhead/pkg-chromium
Revision No: 716
Revision Id: iuculano at debian.org-20110303153733-0tc1a0doegwo10r3
Committer: Giuseppe Iuculano <iuculano at debian.org>
Message : [69640] Medium Out-of-bounds read in text searching. Credit to Kostya
Serebryany of the Chromium development community


--------------------------------------------------------
  ** Added :
        - debian/patches/69640.patch

  ** Modified :
        - debian/changelog
        - debian/patches/series

-------------- next part --------------
=== modified file 'debian/changelog'
--- a/debian/changelog	2011-03-03 15:22:37 +0000
+++ b/debian/changelog	2011-03-03 15:37:33 +0000
@@ -5,8 +5,10 @@
       Chancel.
     - [63732] High Crash with javascript dialogs. Credit to Sergey Radchenko.
     - [68263] High Stylesheet node stale pointer. Credit to Sergey Glazunov.
+    - [69640] Medium Out-of-bounds read in text searching. Credit to Kostya
+      Serebryany of the Chromium development community
 
- -- Giuseppe Iuculano <iuculano at debian.org>  Thu, 03 Mar 2011 16:20:55 +0100
+ -- Giuseppe Iuculano <iuculano at debian.org>  Thu, 03 Mar 2011 16:36:36 +0100
 
 chromium-browser (6.0.472.63~r59945-5+squeeze2) stable-security; urgency=high
 
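
Review bot: The new changelog entry for [69640] ends without a full stop ("Serebryany of the Chromium development community"), while the neighbouring entries for [63732] and [68263] close with one. It also does not name the file that carries the fix; adding "(debian/patches/69640.patch)" to the entry would let someone auditing the security upload go from the bug number to the patch directly.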

=== added file 'debian/patches/69640.patch'
--- a/debian/patches/69640.patch	1970-01-01 00:00:00 +0000
+++ b/debian/patches/69640.patch	2011-03-03 15:37:33 +0000
@@ -0,0 +1,14 @@
+--- a/src/third_party/WebKit/WebCore/editing/TextIterator.cpp
++++ b/src/third_party/WebKit/WebCore/editing/TextIterator.cpp
+@@ -1740,6 +1740,11 @@ inline SearchBuffer::SearchBuffer(const
+ 
+ inline SearchBuffer::~SearchBuffer()
+ {
++    // Leave the static object pointing to a valid string.
++    UErrorCode status = U_ZERO_ERROR;
++    usearch_setPattern(WebCore::searcher(), &newlineCharacter, 1, &status);
++    ASSERT(status == U_ZERO_ERROR);
++
+     unlockSearcher();
+ }
+ 
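
Review bot: In the lines added to SearchBuffer::~SearchBuffer(), the result of usearch_setPattern() is checked only by ASSERT(status == U_ZERO_ERROR), which is compiled out of release builds, so a failure in the shipped binary passes silently and the static searcher can keep pointing at the old pattern, the state the new comment says must not be left behind. Consider testing U_FAILURE(status) in all builds and handling it explicitly. The strict comparison with U_ZERO_ERROR also trips in debug builds on ICU warning codes, which U_SUCCESS(status) would accept. Separately, the new patch file begins directly at the "--- a/src/third_party/WebKit/..." line with no description or origin header, so the upstream change it was taken from cannot be traced from the package; a short header naming bug 69640 and the upstream revision would help later review.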

=== modified file 'debian/patches/series'
--- a/debian/patches/series	2011-03-03 15:22:37 +0000
+++ b/debian/patches/series	2011-03-03 15:37:33 +0000
@@ -59,3 +59,4 @@
 54262.patch
 63732.patch
 68263.patch
+69640.patch


