[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.1.15-1-40151-g37bb677

mjs mjs at 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Sat Sep 26 06:08:30 UTC 2009 

The following commit has been merged in the debian/unstable branch:
commit ecf397dce619d1c660dae4701f26645b4fddc1cb
Author: mjs <mjs at 268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Mon Apr 22 07:02:45 2002 +0000

    	Fix a plugins memory trasher that was making Alexander crash on
    	the abcnews.com test page in cvs-torture-test:
    
    	* Plugins.subproj/IFPluginView.mm:
    	(-[IFPluginView initWithFrame:plugin:url:mime:arguments:mode:]):
    	Use a new maxArguments variable to size the argument and value
    	arrays - with the old code argsCount would end up twice the size
    	it should be, and the arguments would all get written past the end
    	of the argument array.
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@1055 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/WebKit/ChangeLog b/WebKit/ChangeLog
index 24e1595..ba3541a 100644
--- a/WebKit/ChangeLog
+++ b/WebKit/ChangeLog
@@ -1,3 +1,15 @@
+2002-04-21  Maciej Stachowiak  <mjs at apple.com>
+
+	Fix a plugins memory trasher that was making Alexander crash on
+	the abcnews.com test page in cvs-torture-test:
+
+	* Plugins.subproj/IFPluginView.mm:
+	(-[IFPluginView initWithFrame:plugin:url:mime:arguments:mode:]):
+	Use a new maxArguments variable to size the argument and value
+	arrays - with the old code argsCount would end up twice the size
+	it should be, and the arguments would all get written past the end
+	of the argument array.
+
 2002-04-19  Kenneth Kocienda  <kocienda at apple.com>
 
         Changes to support submission of forms using HTTP POST.
diff --git a/WebKit/ChangeLog-2002-12-03 b/WebKit/ChangeLog-2002-12-03
index 24e1595..ba3541a 100644
--- a/WebKit/ChangeLog-2002-12-03
+++ b/WebKit/ChangeLog-2002-12-03
@@ -1,3 +1,15 @@
+2002-04-21  Maciej Stachowiak  <mjs at apple.com>
+
+	Fix a plugins memory trasher that was making Alexander crash on
+	the abcnews.com test page in cvs-torture-test:
+
+	* Plugins.subproj/IFPluginView.mm:
+	(-[IFPluginView initWithFrame:plugin:url:mime:arguments:mode:]):
+	Use a new maxArguments variable to size the argument and value
+	arrays - with the old code argsCount would end up twice the size
+	it should be, and the arguments would all get written past the end
+	of the argument array.
+
 2002-04-19  Kenneth Kocienda  <kocienda at apple.com>
 
         Changes to support submission of forms using HTTP POST.
diff --git a/WebKit/Plugins.subproj/IFPluginView.mm b/WebKit/Plugins.subproj/IFPluginView.mm
index 5477a2a..9063080 100644
--- a/WebKit/Plugins.subproj/IFPluginView.mm
+++ b/WebKit/Plugins.subproj/IFPluginView.mm
@@ -48,7 +48,8 @@ newCString(NSString *string)
 - initWithFrame:(NSRect)r plugin:(WCPlugin *)plug url:(NSString *)location mime:(NSString *)mimeType arguments:(NSDictionary *)arguments mode:(uint16)mode
 {
     NSString *baseURLString;
-    
+    unsigned maxArguments;
+
     [super initWithFrame: r];
     
     // The following line doesn't work for Flash, so I have create a NPP_t struct and point to it
@@ -95,10 +96,10 @@ newCString(NSString *string)
         // These arrays are passed to NPP_New, but the strings need to be
         // modifiable and live the entire life of the plugin.
         
-        argsCount = [arguments count];
+        maxArguments = [arguments count];
         
-        cAttributes = new char * [argsCount];
-        cValues = new char * [argsCount];
+        cAttributes = new char * [maxArguments];
+        cValues = new char * [maxArguments];
         
         NSEnumerator *e = [arguments keyEnumerator];
         NSString *key;
@@ -106,8 +107,8 @@ newCString(NSString *string)
             if (![key isEqualToString:@"wkfullmode"]) {
                 cAttributes[argsCount] = newCString(key);
                 cValues[argsCount] = newCString([arguments objectForKey:key]);
-                argsCount++;
             }
+	    argsCount++;
         }
     }
     
diff --git a/WebKit/Plugins.subproj/WebPluginView.m b/WebKit/Plugins.subproj/WebPluginView.m
index 5477a2a..9063080 100644
--- a/WebKit/Plugins.subproj/WebPluginView.m
+++ b/WebKit/Plugins.subproj/WebPluginView.m
@@ -48,7 +48,8 @@ newCString(NSString *string)
 - initWithFrame:(NSRect)r plugin:(WCPlugin *)plug url:(NSString *)location mime:(NSString *)mimeType arguments:(NSDictionary *)arguments mode:(uint16)mode
 {
     NSString *baseURLString;
-    
+    unsigned maxArguments;
+
     [super initWithFrame: r];
     
     // The following line doesn't work for Flash, so I have create a NPP_t struct and point to it
@@ -95,10 +96,10 @@ newCString(NSString *string)
         // These arrays are passed to NPP_New, but the strings need to be
         // modifiable and live the entire life of the plugin.
         
-        argsCount = [arguments count];
+        maxArguments = [arguments count];
         
-        cAttributes = new char * [argsCount];
-        cValues = new char * [argsCount];
+        cAttributes = new char * [maxArguments];
+        cValues = new char * [maxArguments];
         
         NSEnumerator *e = [arguments keyEnumerator];
         NSString *key;
@@ -106,8 +107,8 @@ newCString(NSString *string)
             if (![key isEqualToString:@"wkfullmode"]) {
                 cAttributes[argsCount] = newCString(key);
                 cValues[argsCount] = newCString([arguments objectForKey:key]);
-                argsCount++;
             }
+	    argsCount++;
         }
     }
     

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list