[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc

kenneth at webkit.org kenneth at webkit.org
Wed Dec 22 13:57:50 UTC 2010


The following commit has been merged in the debian/experimental branch:
commit 7dc470a6a3341bd0d88bb399a1d5dc4930ff4abc
Author: kenneth at webkit.org <kenneth at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Thu Sep 30 16:11:16 2010 +0000

    Original patch by Zalan Bujtas.
    
    Patch by Kenneth Rohde Christiansen <kenneth at webkit.org> on 2010-09-30
    Reviewed by Antti Koivisto.
    
    The m_readBuffer might be smaller than the incoming message size and
    thus result in memory corruption. Do a similar fix as the win port,
    resizing the m_readBuffer to have room for the message.
    
    * Platform/CoreIPC/qt/ConnectionQt.cpp:
    (CoreIPC::Connection::readyReadHandler):
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@68788 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/WebKit2/ChangeLog b/WebKit2/ChangeLog
index fbe0a99..3471d5c 100644
--- a/WebKit2/ChangeLog
+++ b/WebKit2/ChangeLog
@@ -1,3 +1,16 @@
+2010-09-30  Kenneth Rohde Christiansen  <kenneth at webkit.org>
+
+        Reviewed by Antti Koivisto.
+
+        Original patch by Zalan Bujtas.
+
+        The m_readBuffer might be smaller than the incoming message size and
+        thus result in memory corruption. Do a similar fix as the win port,
+        resizing the m_readBuffer to have room for the message.
+
+        * Platform/CoreIPC/qt/ConnectionQt.cpp:
+        (CoreIPC::Connection::readyReadHandler):
+
 2010-09-29  Anders Carlsson  <andersca at apple.com>
 
         Reviewed by Simon Fraser.
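Review bot: The new ChangeLog entry says the undersized m_readBuffer can "result in memory corruption" but carries no bug reference and does not say how large m_readBuffer starts out or when an incoming message can exceed it. If a bug is tracking this, add its link to the entry, and state the initial buffer size and the condition that triggers the overflow so that people backporting the fix can judge which versions are affected.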
diff --git a/WebKit2/Platform/CoreIPC/qt/ConnectionQt.cpp b/WebKit2/Platform/CoreIPC/qt/ConnectionQt.cpp
index dfd34a8..2bdda43 100644
--- a/WebKit2/Platform/CoreIPC/qt/ConnectionQt.cpp
+++ b/WebKit2/Platform/CoreIPC/qt/ConnectionQt.cpp
@@ -66,6 +66,9 @@ void Connection::readyReadHandler()
         if (m_socket->bytesAvailable() < m_currentMessageSize)
             return;
 
+        if (m_readBuffer.size() < m_currentMessageSize)
+            m_readBuffer.grow(m_currentMessageSize);
+
         size_t numberOfBytesRead = m_socket->read(reinterpret_cast<char*>(m_readBuffer.data()), m_currentMessageSize);
         ASSERT_UNUSED(numberOfBytesRead, numberOfBytesRead);
 
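Review bot: The added `m_readBuffer.grow(m_currentMessageSize)` has no upper bound, and the commit message describes m_currentMessageSize as the incoming message size, so the allocation is as large as whatever the sender announces. Consider comparing m_currentMessageSize against a maximum message size before growing, and treating an oversized value as a connection error instead of allocating for it. A second point on the context lines below the addition: the return value of m_socket->read() is checked only through ASSERT_UNUSED, so with assertions disabled a short or failed read goes unnoticed; an explicit comparison of numberOfBytesRead with m_currentMessageSize and an early return would close that gap.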

-- 
WebKit Debian packaging


