2009-03-01 Larry Ewing <lewing@novell.com>
authorlevin@chromium.org <levin@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 2 Mar 2009 00:41:37 +0000 (00:41 +0000)
committerlevin@chromium.org <levin@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 2 Mar 2009 00:41:37 +0000 (00:41 +0000)
commit9acdda96a4f99effd198b92e52ef7d328514dd1b
tree177460f61681999eff21f5e118c45e698d8b5a1d
parent259a6b61aba5f1dd5b7b3b5973da0566a56a2136
2009-03-01  Larry Ewing  <lewing@novell.com>

        Reviewed by Alexey Proskuryakov.

        https://bugs.webkit.org/show_bug.cgi?id=24080
        NPN_GetValue casting to the wrong type and writing outside bounds

        Make sure to cast the value to the correct type so that only
        memory owned by the value is written to.

        * plugins/gtk/PluginViewGtk.cpp (PluginView::getValueStatic):
        * plugins/qt/PluginViewQt.cpp (PluginView::getValueStatic):
        * plugins/mac/PluginViewMac.cpp (PluginView::getValueStatic):
        (PluginView::getValue):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@41346 268f45cc-cd09-0410-ab3c-d52691b4dbfc
WebCore/ChangeLog
WebCore/plugins/gtk/PluginViewGtk.cpp
WebCore/plugins/mac/PluginViewMac.cpp
WebCore/plugins/qt/PluginViewQt.cpp