[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.1.15-1-40151-g37bb677
darin
darin at 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Sat Sep 26 08:36:41 UTC 2009
The following commit has been merged in the debian/unstable branch:
commit 3ccdfa545679b51f78ef5ff588c730bfc66e741f
Author: darin <darin at 268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Sat Apr 24 02:50:22 2004 +0000
Reviewed by Maciej.
- fixed <rdar://problem/3627362>: "bad access with libgmalloc in -[_WebCoreHistoryProvider containsItemForURLUnicode:length:]"
* History.subproj/WebHistory.m:
(-[_WebCoreHistoryProvider containsItemForURLUnicode:length:]): Add range checks so we
don't overrun the buffer while looking for slashes.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@6475 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/WebKit/ChangeLog b/WebKit/ChangeLog
index d134d4d..ae4dc7b 100644
--- a/WebKit/ChangeLog
+++ b/WebKit/ChangeLog
@@ -1,3 +1,13 @@
+2004-04-23 Darin Adler <darin at apple.com>
+
+ Reviewed by Maciej.
+
+ - fixed <rdar://problem/3627362>: "bad access with libgmalloc in -[_WebCoreHistoryProvider containsItemForURLUnicode:length:]"
+
+ * History.subproj/WebHistory.m:
+ (-[_WebCoreHistoryProvider containsItemForURLUnicode:length:]): Add range checks so we
+ don't overrun the buffer while looking for slashes.
+
2004-04-23 Chris Blumenberg <cblu at apple.com>
Reviewed by John
diff --git a/WebKit/History.subproj/WebHistory.m b/WebKit/History.subproj/WebHistory.m
index 4a7ac3b..1d1d6fd 100644
--- a/WebKit/History.subproj/WebHistory.m
+++ b/WebKit/History.subproj/WebHistory.m
@@ -575,13 +575,15 @@ static inline bool matchUnicodeLetter(UniChar c, UniChar lowercaseLetter)
matchUnicodeLetter(unicode[3], 'p') &&
(unicode[4] == ':'
|| (matchLetter(unicode[4], 's') && unicode[5] == ':'))) {
+
unsigned pos = unicode[4] == ':' ? 5 : 6;
+
// skip possible initial two slashes
- if (unicode[pos] == '/' && unicode[pos + 1] == '/') {
+ if (pos + 1 < length && unicode[pos] == '/' && unicode[pos + 1] == '/') {
pos += 2;
}
- while (unicode[pos] != '/' && pos < length) {
+ while (pos < length && unicode[pos] != '/') {
pos++;
}
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list