
List:       kfm-devel
Subject:    out-of-bounds access in kjasappletserver.cpp
From:       Matthias Kretz <kretz () kde ! org>
Date:       2008-08-04 14:32:14
Message-ID: 200808041632.14375.kretz () kde ! org

Hi,

I got an out-of-bounds access in KJavaAppletServer::slotJavaRequest 
(khtml/java/kjavaappletserver.cpp). Attached is a simple patch that should fix 
the problem (and another one: the temporary QByteArray was gone too early).

Please CC me, I'm not subscribed.

Regards,
	Matthias

-- 
________________________________________________________
Matthias Kretz (Germany)                            <><
http://Vir.homelinux.org/
MatthiasKretz@gmx.net, kretz@kde.org,
Matthias.Kretz@urz.uni-heidelberg.de


["kjas.patch" (text/x-patch)]

Index: kjavaappletserver.cpp
===================================================================
--- kjavaappletserver.cpp	(revision 841847)
+++ kjavaappletserver.cpp	(working copy)
@@ -652,10 +652,12 @@
                 answer = "nossl";
             } else if (args.size() > 2) {
                 const int certsnr = args[1].toInt();
+                Q_ASSERT(args.size() > certsnr + 1);
                 QString text;
                 QList<KSSLCertificate *> certs;
-                for (int i = certsnr; i >= 0; --i) {
-                    KSSLCertificate * cert = \
KSSLCertificate::fromString(args[i+2].toAscii().constData()); +                for \
(int i = certsnr - 1; i >= 0; --i) { +                    const QByteArray &arg = \
args[i + 2].toAscii(); +                    KSSLCertificate * cert = \
KSSLCertificate::fromString(arg.constData());  if (cert) {
                         certs.prepend(cert);
                         if (cert->isSigner())
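
Review bot: the new bounds check ahead of the loop is a Q_ASSERT, which is compiled out when QT_NO_DEBUG is defined, so in release builds the args[i + 2] access is still driven by an unchecked certsnr read from args[1].toInt(). Suggest replacing it with a runtime guard, for example only entering the loop when certsnr >= 0 && args.size() > certsnr + 1, and otherwise leaving the branch without indexing args. Minor: const QByteArray &arg bound to the temporary returned by toAscii() works through lifetime extension, but a plain const QByteArray arg states the intent more clearly.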


