[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc
kenneth at webkit.org
kenneth at webkit.org
Wed Dec 22 13:57:50 UTC 2010
The following commit has been merged in the debian/experimental branch:
commit 7dc470a6a3341bd0d88bb399a1d5dc4930ff4abc
Author: kenneth at webkit.org <kenneth at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Thu Sep 30 16:11:16 2010 +0000
Original patch by Zalan Bujtas.
Patch by Kenneth Rohde Christiansen <kenneth at webkit.org> on 2010-09-30
Reviewed by Antti Koivisto.
The m_readBuffer might be smaller than the incoming message size and
thus result in memory corruption. Do a similar fix as the win port,
resizing the m_readBuffer to have room for the message.
* Platform/CoreIPC/qt/ConnectionQt.cpp:
(CoreIPC::Connection::readyReadHandler):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@68788 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/WebKit2/ChangeLog b/WebKit2/ChangeLog
index fbe0a99..3471d5c 100644
--- a/WebKit2/ChangeLog
+++ b/WebKit2/ChangeLog
@@ -1,3 +1,16 @@
+2010-09-30 Kenneth Rohde Christiansen <kenneth at webkit.org>
+
+ Reviewed by Antti Koivisto.
+
+ Original patch by Zalan Bujtas.
+
+ The m_readBuffer might be smaller than the incoming message size and
+ thus result in memory corruption. Do a similar fix as the win port,
+ resizing the m_readBuffer to have room for the message.
+
+ * Platform/CoreIPC/qt/ConnectionQt.cpp:
+ (CoreIPC::Connection::readyReadHandler):
+
2010-09-29 Anders Carlsson <andersca at apple.com>
Reviewed by Simon Fraser.
diff --git a/WebKit2/Platform/CoreIPC/qt/ConnectionQt.cpp b/WebKit2/Platform/CoreIPC/qt/ConnectionQt.cpp
index dfd34a8..2bdda43 100644
--- a/WebKit2/Platform/CoreIPC/qt/ConnectionQt.cpp
+++ b/WebKit2/Platform/CoreIPC/qt/ConnectionQt.cpp
@@ -66,6 +66,9 @@ void Connection::readyReadHandler()
if (m_socket->bytesAvailable() < m_currentMessageSize)
return;
+ if (m_readBuffer.size() < m_currentMessageSize)
+ m_readBuffer.grow(m_currentMessageSize);
+
size_t numberOfBytesRead = m_socket->read(reinterpret_cast<char*>(m_readBuffer.data()), m_currentMessageSize);
ASSERT_UNUSED(numberOfBytesRead, numberOfBytesRead);
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list