Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Evergreen:11.4
icedtea-web.769
icedtea-web-pr1106-firefox-crash.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File icedtea-web-pr1106-firefox-crash.patch of Package icedtea-web.769
Index: icedtea-web-1.2.1/ChangeLog =================================================================== --- icedtea-web-1.2.1.orig/ChangeLog 2012-07-24 20:38:05.154359763 +0200 +++ icedtea-web-1.2.1/ChangeLog 2012-08-08 14:44:47.042059960 +0200 @@ -1,3 +1,10 @@ +2012-08-07 Adam Domurad <adomurad@redhat.com> + + Fixes PR1106, plugin crashing with firefox + archlinux/gentoo + * plugin/icedteanp/IcedTeaNPPlugin.cc + (initialize_browser_functions): Account for the fact that + browserTable->size can be larger than sizeof(NPNetscapeFuncs) + 2012-07-24 Deepak Bhole <dbhole@redhat.com> * configure.ac: Prepare for 1.2.1 Index: icedtea-web-1.2.1/NEWS =================================================================== --- icedtea-web-1.2.1.orig/NEWS 2012-07-24 20:38:05.155359749 +0200 +++ icedtea-web-1.2.1/NEWS 2012-08-08 14:45:12.747058745 +0200 @@ -17,6 +17,7 @@ - PR811: javaws is not handling urls with spaces (and other characters needing encoding) correctly - 816592: icedtea-web not loading GeoGebra java applets in Firefox or Chrome * Plugin + - PR1106: Buffer overflow in plugin table- - PR863: Error passing strings to applet methods in Chromium - PR895: IcedTea-Web searches for missing classes on each loadClass or findClass - PR518: NPString.utf8characters not guaranteed to be nul-terminated Index: icedtea-web-1.2.1/plugin/icedteanp/IcedTeaNPPlugin.cc =================================================================== --- icedtea-web-1.2.1.orig/plugin/icedteanp/IcedTeaNPPlugin.cc 2012-08-08 14:43:56.826062333 +0200 +++ icedtea-web-1.2.1/plugin/icedteanp/IcedTeaNPPlugin.cc 2012-08-08 14:44:09.008061757 +0200 @@ -2053,8 +2053,13 @@ //Ensure any unused fields are NULL memset(&browser_functions, 0, sizeof(NPNetscapeFuncs)); + + //browserTable->size can be larger than sizeof(NPNetscapeFuncs) (PR1106) + size_t copySize = browserTable->size < sizeof(NPNetscapeFuncs) ? + browserTable->size : sizeof(NPNetscapeFuncs); + //Copy fields according to given size - memcpy(&browser_functions, browserTable, browserTable->size); + memcpy(&browser_functions, browserTable, copySize); return true; }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
