Commit
ASAN: Fix global-buffer-overflow @wtf::StringImpl::createFromLiteral()
strlen() is invoked on strings located in UserAgentStyleSheetsData.cpp, however strings in those tables do not contain a valid C string with a '\0' character at the end.

GDB callstack excerpt: (complete is available at WebPlatformForEmbedded#592)

(gdb) bt
(gdb) bt
(gdb) fr 4
158     return createFromLiteral(characters, strlen(characters));
(gdb) l
153     return adoptRef(*new StringImpl(reinterpret_cast<const LChar*>(characters), length, ConstructWithoutCopying));
154 }
155
156 Ref<StringImpl> StringImpl::createFromLiteral(const char* characters)
157 {
158     return createFromLiteral(characters, strlen(characters));
159 }

Signed-off-by: Damian Wrobel <dwrobel@ertelnet.rybnik.pl>
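The failure mode the commit message describes, as an added example that is not code from the commit or from WebKit: a generated byte table with no trailing '\0' must be measured from its array extent, never with strlen(). The table contents and the helper names (hasTerminator, boundedLength, makeString) are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <string>

// Constructed sample: a generated table holding raw bytes with no trailing
// '\0', the situation the commit message describes. Calling strlen() on it
// would read past the end of the array (the ASAN global-buffer-overflow).
static const char kSheetNoNul[] = { 'a', '{', 'c', 'o', 'l', 'o', 'r', ':', 'r', 'e', 'd', '}' };

// An ordinary string literal: the compiler appends the '\0' itself.
static const char kSheetLiteral[] = "a{color:red}";

// Hypothetical helper: looks for a terminator without leaving the array,
// because memchr() is bounded by the compile-time extent N.
template <std::size_t N>
bool hasTerminator(const char (&data)[N])
{
    return std::memchr(data, '\0', N) != nullptr;
}

// Hypothetical helper: length taken from the array extent. If a terminator
// exists inside the array the length stops there, otherwise it is N.
template <std::size_t N>
std::size_t boundedLength(const char (&data)[N])
{
    const void* nul = std::memchr(data, '\0', N);
    if (!nul)
        return N;
    return static_cast<std::size_t>(static_cast<const char*>(nul) - data);
}

// Builds a string from pointer plus explicit length, so no read ever
// depends on finding a '\0'.
template <std::size_t N>
std::string makeString(const char (&data)[N])
{
    return std::string(data, boundedLength(data));
}

int main()
{
    std::printf("table terminated:   %d, length %zu\n", hasTerminator(kSheetNoNul), boundedLength(kSheetNoNul));
    std::printf("literal terminated: %d, length %zu\n", hasTerminator(kSheetLiteral), boundedLength(kSheetLiteral));
    return 0;
}
```

A static_assert on the array size, or a hasTerminator() check in a unit test, catches a generator that stops emitting the terminator before it reaches a strlen() caller.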