[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc
andersca at apple.com
andersca at apple.com
Wed Dec 22 13:56:00 UTC 2010
The following commit has been merged in the debian/experimental branch:
commit ff62e9c52ca2953d3c20a408e0704d8d19f905b1
Author: andersca at apple.com <andersca at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Wed Sep 29 23:05:50 2010 +0000
Add additional check to Text::wholeText.
<rdar://problem/8304795>
Reviewed by Darin Adler.
* dom/Text.cpp:
(WebCore::Text::wholeText):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@68705 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 1f494ce..6fffc41 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,13 @@
+2010-09-29 Anders Carlsson <andersca at apple.com>
+
+ Reviewed by Darin Adler.
+
+ Add additional check to Text::wholeText.
+ <rdar://problem/8304795>
+
+ * dom/Text.cpp:
+ (WebCore::Text::wholeText):
+
2010-09-29 Brian Weinstein <bweinstein at apple.com>
Reviewed by Brady Eidson.
diff --git a/WebCore/dom/Text.cpp b/WebCore/dom/Text.cpp
index 928b975..cc216d8 100644
--- a/WebCore/dom/Text.cpp
+++ b/WebCore/dom/Text.cpp
@@ -123,6 +123,8 @@ String Text::wholeText() const
continue;
const Text* t = static_cast<const Text*>(n);
const String& data = t->data();
+ if (std::numeric_limits<unsigned>::max() - data.length() < resultLength)
+ CRASH();
resultLength += data.length();
}
UChar* resultData;
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list