Title: [205649] trunk/Source/WebCore
- Revision
- 205649
- Author
- achristen...@apple.com
- Date
- 2016-09-08 10:19:25 -0700 (Thu, 08 Sep 2016)
Log Message
Add range check in URLParser's serializeIPv6
https://bugs.webkit.org/show_bug.cgi?id=161743
Reviewed by David Kilzer.
No new tests, but this fixes API tests in some release builds after
the patch from https://bugs.webkit.org/show_bug.cgi?id=161668 is recommitted.
* platform/URLParser.cpp:
(WebCore::serializeIPv6):
Don't go out of bounds. Don't assume that the memory immediately after the end of the array will be empty.
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (205648 => 205649)
--- trunk/Source/WebCore/ChangeLog 2016-09-08 16:47:34 UTC (rev 205648)
+++ trunk/Source/WebCore/ChangeLog 2016-09-08 17:19:25 UTC (rev 205649)
@@ -1,3 +1,17 @@
+2016-09-08 Alex Christensen <achristen...@webkit.org>
+
+ Add range check in URLParser's serializeIPv6
+ https://bugs.webkit.org/show_bug.cgi?id=161743
+
+ Reviewed by David Kilzer.
+
+ No new tests, but this fixes API tests in some release builds after
+ the patch from https://bugs.webkit.org/show_bug.cgi?id=161668 is recommitted.
+
+ * platform/URLParser.cpp:
+ (WebCore::serializeIPv6):
+ Don't go out of bounds. Don't assume that the memory immediately after the end of the array will be empty.
+
2016-09-07 Alex Christensen <achristen...@webkit.org>
Roll out r205580 and r205582.
Modified: trunk/Source/WebCore/platform/URLParser.cpp (205648 => 205649)
--- trunk/Source/WebCore/platform/URLParser.cpp 2016-09-08 16:47:34 UTC (rev 205648)
+++ trunk/Source/WebCore/platform/URLParser.cpp 2016-09-08 17:19:25 UTC (rev 205649)
@@ -1045,7 +1045,7 @@
buffer.append(':');
else
buffer.append("::");
- while (!address[piece])
+ while (piece < 8 && !address[piece])
piece++;
if (piece == 8)
break;
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
