Bug 653718 - incorrect struct size check in can cause overrun
Product: Core
Classification: Components
Component: Plug-ins
Version: unspecified
Platform: x86_64 Linux
Importance: -- normal
Target Milestone: mozilla6
Assigned To: martin
Reported: 2011-04-29 06:50 PDT by martin
Modified: 2011-05-02 10:40 PDT
bzbarsky: in‑testsuite?

fixes the struct size check in (1.62 KB, patch)
2011-04-29 06:53 PDT, martin
jaas: review+

Description martin 2011-04-29 06:50:09 PDT
User-Agent:       Opera/9.80 (X11; Linux x86_64; U; en) Presto/2.8.131 Version/11.10
Build Identifier: 

To joshmoz / dwitte;

When you added clearsitedata and urlredirectnotify, you forgot to update the struct size check in fillPluginFunctionTable() so now overwrites memory when loaded in browsers that don't support these funcs yet.

Look at the attached patch.

Reproducible: Always
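
The failure mode described above, as an added example that is not part of the original report or the attached patch: a plugin fills a host-allocated function table whose `size` field says how much the host provided. The `FuncTable` layout and the functions `fill_stale`, `fill_checked` and `tail_clobbered` are hypothetical, and the per-member check is one way to stay safe with older hosts, not necessarily what the patch does.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified stand-in for a host-allocated plugin function table. The layout
   is an assumption for this example, not the real NPAPI header. */
typedef void (*fn_t)(void);
typedef struct {
    uint16_t size;                  /* bytes the host actually allocated */
    uint16_t version;
    fn_t newp, destroy, setvalue;   /* members every host provides */
    fn_t clearsitedata;             /* added later */
    fn_t urlredirectnotify;         /* added later */
} FuncTable;

static void stub(void) {}
/* True if member m lies entirely inside the host's table. */
#define FITS(t, m) ((t)->size >= offsetof(FuncTable, m) + sizeof((t)->m))

/* Stale check: validates only up to setvalue, then writes every member. */
int fill_stale(FuncTable *t) {
    if (!FITS(t, setvalue)) return 0;
    t->newp = t->destroy = t->setvalue = stub;
    t->clearsitedata = stub;        /* past the end of an old host's table */
    t->urlredirectnotify = stub;
    return 1;
}

/* Checked: a newer member is written only if the host's table holds it. */
int fill_checked(FuncTable *t) {
    if (!FITS(t, setvalue)) return 0;
    t->newp = t->destroy = t->setvalue = stub;
    if (FITS(t, clearsitedata)) t->clearsitedata = stub;
    if (FITS(t, urlredirectnotify)) t->urlredirectnotify = stub;
    return 1;
}

/* Simulate an old host: size covers only the old layout; the 0xAA tail bytes
   stand in for adjacent host memory. Returns 1 if the fill touched them. */
int tail_clobbered(int (*fill)(FuncTable *)) {
    FuncTable t, ref;
    memset(&t, 0xAA, sizeof t);
    t.size = (uint16_t)offsetof(FuncTable, clearsitedata);
    memset(&ref, 0xAA, sizeof ref);
    fill(&t);
    return memcmp((char *)&t + t.size, (char *)&ref + t.size, sizeof t - t.size) != 0;
}

/* Exit status 0 means the checked fill left the simulated host memory intact. */
int main(void) { return tail_clobbered(fill_checked); }
```
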
Comment 1 martin 2011-04-29 06:53:23 PDT
Created attachment 529086
fixes the struct size check in
Comment 2 Boris Zbarsky [:bz] 2011-04-29 18:04:49 PDT
Comment 3 Boris Zbarsky [:bz] 2011-05-02 10:39:34 PDT

Martin, thanks for the patch!

Do we need to backport this to any branches?
Comment 4 Boris Zbarsky [:bz] 2011-05-02 10:40:24 PDT
Er, the right m-c changeset is
