[SCM] WebKit Debian packaging branch, webkit-1.2, updated. upstream/1.1.90-6072-g9a69373

eric at webkit.org eric at webkit.org
Wed Apr 7 23:23:17 UTC 2010


The following commit has been merged in the webkit-1.2 branch:
commit 6e9b4315ca271710e98f667a7513c537c8c70f73
Author: eric at webkit.org <eric at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Thu Nov 5 06:39:41 2009 +0000

    2009-11-04  Dan Kegel  <dank at chromium.org>
    
            Reviewed by Alexey Proskuryakov.
    
            Fix buffer overrun in WebCore::Page::userStyleSheetLocationChanged()
            https://bugs.webkit.org/show_bug.cgi?id=31138
    
            Test: LayoutTests/platform/mac/fast/loader/user-stylesheet-fast-path.html in Valgrind
    
            * page/Page.cpp:
            (WebCore::Page::userStyleSheetLocationChanged):
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@50545 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 5d39230..4dab86a 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,15 @@
+2009-11-04  Dan Kegel  <dank at chromium.org>
+
+        Reviewed by Alexey Proskuryakov.
+
+        Fix buffer overrun in WebCore::Page::userStyleSheetLocationChanged()
+        https://bugs.webkit.org/show_bug.cgi?id=31138
+
+        Test: LayoutTests/platform/mac/fast/loader/user-stylesheet-fast-path.html in Valgrind
+
+        * page/Page.cpp:
+        (WebCore::Page::userStyleSheetLocationChanged):
+
 2009-11-04  Timothy Hatcher  <timothy at apple.com>
 
         Update the Web Inspector Timeline panel to better match the mock-up.
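Review bot: The "Test:" line in this ChangeLog entry points at an existing layout test that shows the overrun only when run under Valgrind, so an ordinary test run will not flag a regression. Say in the entry that no new test was added and why. The entry also does not say what overran. One sentence would help anyone auditing similar call sites, for example that the base64-decoded buffer was passed to String::fromUTF8() without its length.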
diff --git a/WebCore/page/Page.cpp b/WebCore/page/Page.cpp
index 8a685f4..4321e08 100644
--- a/WebCore/page/Page.cpp
+++ b/WebCore/page/Page.cpp
@@ -542,7 +542,7 @@ void Page::userStyleSheetLocationChanged()
 
         Vector<char> styleSheetAsUTF8;
         if (base64Decode(encodedData, styleSheetAsUTF8))
-            m_userStyleSheet = String::fromUTF8(styleSheetAsUTF8.data());
+            m_userStyleSheet = String::fromUTF8(styleSheetAsUTF8.data(), styleSheetAsUTF8.size());
     }
     
     for (Frame* frame = mainFrame(); frame; frame = frame->tree()->traverseNext()) {
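Review bot: On the changed m_userStyleSheet assignment, passing styleSheetAsUTF8.size() alters behaviour as well as bounding the read: the one-argument call stopped at the first NUL byte it met, while the length-bounded call converts the whole decoded buffer, including any embedded NUL. Please confirm that this is the intended result for a user style sheet, and that a decode yielding zero bytes (size() == 0) is handled sensibly. A short comment next to the call, noting that the Vector<char> filled by base64Decode() is not NUL-terminated, would keep the length argument from being dropped in a later cleanup.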

-- 
WebKit Debian packaging


