If the check for HTML is done near the end of the string, such that sizeof(_tagstr) chars will run us off the end of mBuffer, then we can in fact read off the edge of the buffer (since the buffer is _not_ null-terminated). Patch coming up.
15 years ago
Priority: -- → P1
Summary: nsUnknownDecoder can read uninitialized data → [FIX]nsUnknownDecoder can read uninitialized data
Target Milestone: --- → mozilla1.6alpha
Comment on attachment 132627 (patch)
Reviews? I also got rid of the nsCAutoString stuff that we were no longer really using...
Comment on attachment 132627 (patch)
looks good
Attachment #132627 - Flags: review?(cbiesinger) → review+
Comment on attachment 132627 (patch)
nice deStringification! ;-) sr=darin
Attachment #132627 - Flags: superreview?(darin) → superreview+
Fix checked in.
Status: NEW → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → FIXED
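The over-read described in the first comment, shown as an added example that is not part of the original bug report and is not Mozilla's code: a tag comparison over a length-delimited, non-null-terminated buffer has to check the remaining length before comparing. The helper names `tag_at` and `find_html_tag`, the tag list and the sample buffer are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: case-insensitive match of `tag` at offset `pos` in a
 * buffer of `len` valid bytes that is NOT null-terminated. Returns 1 or 0. */
static int tag_at(const char *buf, size_t len, size_t pos, const char *tag)
{
    size_t tag_len = strlen(tag);

    /* Bounds check first. Comparing tag_len bytes unconditionally reads past
     * buf[len - 1] when the candidate starts near the end of the data.
     * Written as a subtraction so pos + tag_len cannot overflow. */
    if (pos > len || tag_len > len - pos)
        return 0;

    for (size_t i = 0; i < tag_len; i++) {
        if (tolower((unsigned char)buf[pos + i]) != tolower((unsigned char)tag[i]))
            return 0;
    }
    return 1;
}

/* Returns the offset of the first recognized tag, or -1 if none is found.
 * The tag list is constructed for this example. */
static long find_html_tag(const char *buf, size_t len)
{
    static const char *const tags[] = { "<html", "<title", "<body" };

    for (size_t pos = 0; pos < len; pos++) {
        if (buf[pos] != '<')
            continue;
        for (size_t t = 0; t < sizeof(tags) / sizeof(tags[0]); t++)
            if (tag_at(buf, len, pos, tags[t]))
                return (long)pos;
    }
    return -1;
}

int main(void)
{
    /* Constructed sample: with a logical length of 5 the data is "xx<hT";
     * the bytes after it would complete the tag but are not valid data. */
    const char store[] = "xx<hTmL>";
    printf("%ld %ld\n", find_html_tag(store, 5), find_html_tag(store, 8));
    return 0;
}
```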