diff options
| author | Steve Block <steveblock@google.com> | 2011-02-18 11:18:37 +0000 |
|---|---|---|
| committer | Steve Block <steveblock@google.com> | 2011-02-18 12:28:37 +0000 |
| commit | 4677cd9d22f8f63779e36690fc5b01413a482c51 (patch) | |
| tree | b93ef0aad1e33db8229016492107e617fd6dfbe7 /WebCore/bindings | |
| parent | fc4a7c214a17115d92d1a036c76221e1bca8bcb5 (diff) | |
| download | external_webkit-4677cd9d22f8f63779e36690fc5b01413a482c51.zip external_webkit-4677cd9d22f8f63779e36690fc5b01413a482c51.tar.gz external_webkit-4677cd9d22f8f63779e36690fc5b01413a482c51.tar.bz2 | |
Fix memory allocation bug in convertV8ObjectToNPVariant() for strings
This is a cherry-pick of WebKit change 78994
See http://trac.webkit.org/changeset/78994
Change-Id: I1994bbbe89490e68025f9bbaa0606cf9766f2ca3
Diffstat (limited to 'WebCore/bindings')
| -rw-r--r-- | WebCore/bindings/v8/V8NPUtils.cpp | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/WebCore/bindings/v8/V8NPUtils.cpp b/WebCore/bindings/v8/V8NPUtils.cpp index 4fb0456..cb752be 100644 --- a/WebCore/bindings/v8/V8NPUtils.cpp +++ b/WebCore/bindings/v8/V8NPUtils.cpp @@ -65,8 +65,9 @@ void convertV8ObjectToNPVariant(v8::Local<v8::Value> object, NPObject* owner, NP VOID_TO_NPVARIANT(*result); else if (object->IsString()) { v8::String::Utf8Value utf8(object); - char* utf8Chars = reinterpret_cast<char*>(malloc(utf8.length())); - memcpy(utf8Chars, *utf8, utf8.length()); + int length = utf8.length() + 1; + char* utf8Chars = reinterpret_cast<char*>(malloc(length)); + memcpy(utf8Chars, *utf8, length); STRINGN_TO_NPVARIANT(utf8Chars, utf8.length(), *result); } else if (object->IsObject()) { DOMWindow* window = V8Proxy::retrieveWindow(V8Proxy::currentContext()); |