[Pkg-chromium-commit] chromium-browser/chromium-browser.sid: 686 Medium Use after free in mouse dragging event handling. Credit to kuzzcc.

Giuseppe Iuculano iuculano at debian.org
Tue Dec 7 09:25:49 UTC 2010 

Branch name: chromium-browser/chromium-browser.sid
Branch location : bzr+ssh://bzr.debian.org/bzr/pkg-chromium/chromium-browser/chromium-browser.sid
Browse location: http://bzr.debian.org/loggerhead/pkg-chromium
Revision No: 686
Revision Id: iuculano at debian.org-20101207092549-su22se2aiycv36x5
Committer: Giuseppe Iuculano <iuculano at debian.org>
Message : Medium Use after free in mouse dragging event handling. Credit to kuzzcc.


--------------------------------------------------------
  ** Added :
        - debian/patches/63051.patch

  ** Modified :
        - debian/changelog
        - debian/patches/series

-------------- next part --------------
=== modified file 'debian/changelog'
--- a/debian/changelog	2010-12-07 09:22:33 +0000
+++ b/debian/changelog	2010-12-07 09:25:49 +0000
@@ -8,8 +8,9 @@
       Windows platforms. Credit to Billy Rios of the Google Security Team.
     - High Crash due to bad indexing with malformed video. Credit to miaubiz. 
     - High Use after free with SVG animations. Credit to S?awomir B?a?ek.
+    - Medium Use after free in mouse dragging event handling. Credit to kuzzcc.
 
- -- Giuseppe Iuculano <iuculano at debian.org>  Tue, 07 Dec 2010 10:18:56 +0100
+ -- Giuseppe Iuculano <iuculano at debian.org>  Tue, 07 Dec 2010 10:25:26 +0100
 
 chromium-browser (6.0.472.63~r59945-2) unstable; urgency=high
 

=== added file 'debian/patches/63051.patch'
--- a/debian/patches/63051.patch	1970-01-01 00:00:00 +0000
+++ b/debian/patches/63051.patch	2010-12-07 09:25:49 +0000
@@ -0,0 +1,19 @@
+--- a/src/third_party/WebKit/WebCore/page/EventHandler.cpp
++++ b/src/third_party/WebKit/WebCore/page/EventHandler.cpp
+@@ -595,13 +595,13 @@ void EventHandler::updateSelectionForMou
+     if (!targetNode)
+         return;
+ 
++    if (!canMouseDragExtendSelect(targetNode))
++	return;
++
+     RenderObject* targetRenderer = targetNode->renderer();
+     if (!targetRenderer)
+         return;
+         
+-    if (!canMouseDragExtendSelect(targetNode))
+-        return;
+-
+     VisiblePosition targetPosition(targetRenderer->positionForPoint(localPoint));
+ 
+     // Don't modify the selection if we're not on a node.

=== modified file 'debian/patches/series'
--- a/debian/patches/series	2010-12-07 09:22:33 +0000
+++ b/debian/patches/series	2010-12-07 09:25:49 +0000
@@ -36,3 +36,4 @@
 59817.patch
 62127.patch
 62401.patch
+63051.patch

More information about the Pkg-chromium-commit mailing list