[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.1.15-1-40151-g37bb677

darin darin at 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Sat Sep 26 08:36:41 UTC 2009 

The following commit has been merged in the debian/unstable branch:
commit 3ccdfa545679b51f78ef5ff588c730bfc66e741f
Author: darin <darin at 268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Sat Apr 24 02:50:22 2004 +0000

            Reviewed by Maciej.
    
            - fixed <rdar://problem/3627362>: "bad access with libgmalloc in -[_WebCoreHistoryProvider containsItemForURLUnicode:length:]"
    
            * History.subproj/WebHistory.m:
            (-[_WebCoreHistoryProvider containsItemForURLUnicode:length:]): Add range checks so we
            don't overrun the buffer while looking for slashes.
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@6475 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/WebKit/ChangeLog b/WebKit/ChangeLog
index d134d4d..ae4dc7b 100644
--- a/WebKit/ChangeLog
+++ b/WebKit/ChangeLog
@@ -1,3 +1,13 @@
+2004-04-23  Darin Adler  <darin at apple.com>
+
+        Reviewed by Maciej.
+
+        - fixed <rdar://problem/3627362>: "bad access with libgmalloc in -[_WebCoreHistoryProvider containsItemForURLUnicode:length:]"
+
+        * History.subproj/WebHistory.m:
+        (-[_WebCoreHistoryProvider containsItemForURLUnicode:length:]): Add range checks so we
+        don't overrun the buffer while looking for slashes.
+
 2004-04-23  Chris Blumenberg  <cblu at apple.com>
 
 	Reviewed by John
diff --git a/WebKit/History.subproj/WebHistory.m b/WebKit/History.subproj/WebHistory.m
index 4a7ac3b..1d1d6fd 100644
--- a/WebKit/History.subproj/WebHistory.m
+++ b/WebKit/History.subproj/WebHistory.m
@@ -575,13 +575,15 @@ static inline bool matchUnicodeLetter(UniChar c, UniChar lowercaseLetter)
 	matchUnicodeLetter(unicode[3], 'p') &&
 	(unicode[4] == ':' 
 	 || (matchLetter(unicode[4], 's') && unicode[5] == ':'))) {
+
 	unsigned pos = unicode[4] == ':' ? 5 : 6;
+
 	// skip possible initial two slashes
-	if (unicode[pos] == '/' && unicode[pos + 1] == '/') {
+	if (pos + 1 < length && unicode[pos] == '/' && unicode[pos + 1] == '/') {
 	    pos += 2;
 	}
 
-	while (unicode[pos] != '/' && pos < length) {
+	while (pos < length && unicode[pos] != '/') {
 	    pos++;
 	}
 

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list