From 4677cd9d22f8f63779e36690fc5b01413a482c51 Mon Sep 17 00:00:00 2001
From: Steve Block <steveblock@google.com>
Date: Fri, 18 Feb 2011 11:18:37 +0000
Subject: Fix memory allocation bug in convertV8ObjectToNPVariant() for strings

This is a cherry-pick of WebKit change 78994

See http://trac.webkit.org/changeset/78994

Change-Id: I1994bbbe89490e68025f9bbaa0606cf9766f2ca3
---
 WebCore/bindings/v8/V8NPUtils.cpp | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'WebCore/bindings')

diff --git a/WebCore/bindings/v8/V8NPUtils.cpp b/WebCore/bindings/v8/V8NPUtils.cpp
index 4fb0456..cb752be 100644
--- a/WebCore/bindings/v8/V8NPUtils.cpp
+++ b/WebCore/bindings/v8/V8NPUtils.cpp
@@ -65,8 +65,9 @@ void convertV8ObjectToNPVariant(v8::Local<v8::Value> object, NPObject* owner, NP
         VOID_TO_NPVARIANT(*result);
     else if (object->IsString()) {
         v8::String::Utf8Value utf8(object);
-        char* utf8Chars = reinterpret_cast<char*>(malloc(utf8.length()));
-        memcpy(utf8Chars, *utf8, utf8.length());
+        int length = utf8.length() + 1;
+        char* utf8Chars = reinterpret_cast<char*>(malloc(length));
+        memcpy(utf8Chars, *utf8, length);
         STRINGN_TO_NPVARIANT(utf8Chars, utf8.length(), *result);
     } else if (object->IsObject()) {
         DOMWindow* window = V8Proxy::retrieveWindow(V8Proxy::currentContext());
-- 
cgit v1.1