Closed Bug 653718 Opened 15 years ago Closed 15 years ago

incorrect struct size check in libnptest.so can cause overrun

Categories

(Core Graveyard :: Plug-ins, defect)

Product:
Core Graveyard
Component:
Plug-ins
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
mozilla6

People

(Reporter: mnemo, Assigned: mnemo)

Details

Attachments

(1 file)

fixes the struct size check in libnptest.so
1.62 KB, patch
jaas
: review+
Details | Diff | Splinter Review
User-Agent: Opera/9.80 (X11; Linux x86_64; U; en) Presto/2.8.131 Version/11.10 Build Identifier: To joshmoz / dwitte; When you added clearsitedata and urlredirectnotify, you forgot to update the struct size check in fillPluginFunctionTable() so now libnptest.so overwrites memory when loaded in browsers that don't support these funcs yet. Look at the attached patch. Reproducible: Always
Attachment #529086 - Flags: review?(joshmoz)
Attachment #529086 - Flags: review?(joshmoz) → review+
Assignee: nobody → mnemo
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Keywords: checkin-needed
http://hg.mozilla.org/mozilla-central/rev/c8c3e140ebe3 Martin, thanks for the patch! Do we need to backport this to any branches?
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Flags: in-testsuite?
Resolution: --- → FIXED
Whiteboard: [fixed-in-cedar]
Target Milestone: --- → mozilla6
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: