Closed Bug 265829 Opened 20 years ago Closed 20 years ago

history code passes incorrect length to NS_ConvertUTF16toUTF8

Categories

(Firefox :: Bookmarks & History, defect)

Product:
Firefox
Component:
Bookmarks & History
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: bryner, Assigned: bryner)

Details

(Keywords: fixed-aviary1.0)

Attachments

(1 file)

patch
828 bytes, patch
vlad
: review+
asa
: approval-aviary+
Details | Diff | Splinter Review
In nsGlobalHistory::RowMatches(), NS_ConvertUTF16toUTF8 is called with |yarnLength| passed as the length. However, this is the string length in bytes, while the string code wants the length in characters.
Attached patch patchSplinter Review
This can and does result in reading uninitialized memory...
Attachment #163191 - Flags: review?(vladimir)
Comment on attachment 163191 [details] [diff] [review] patch Can we get this in on the branch? It's likely causing random odd behavior or crashes when people use history autocomplete.
Attachment #163191 - Flags: approval-aviary?
Comment on attachment 163191 [details] [diff] [review] patch a=asa for aviary checkin.
Attachment #163191 - Flags: approval-aviary? → approval-aviary+
checked into trunk and branch
Status: NEW → RESOLVED
Closed: 20 years ago
Keywords: fixed-aviary1.0
Resolution: --- → FIXED
Component: History → Bookmarks & History
QA Contact: mozilla → bookmarks
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: