Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 858256 Details for
Bug 1052309
SPICE ActiveX crashes on IE 11
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
Load: be more careful with pVar - fix an IE11 crash
0001-Load-be-more-careful-with-pVar-fix-an-IE11-crash-105.patch (text/plain), 2.41 KB, created by
Uri Lublin
on 2014-02-02 14:14:51 UTC
(
hide
)
Description:
Load: be more careful with pVar - fix an IE11 crash
Filename:
MIME Type:
Creator:
Uri Lublin
Created:
2014-02-02 14:14:51 UTC
Size:
2.41 KB
patch
obsolete
>From b2d6386398aff060eb318c11a47a08ccf3615ebb Mon Sep 17 00:00:00 2001 >Message-Id: <b2d6386398aff060eb318c11a47a08ccf3615ebb.1390134084.git.uril@redhat.com> >From: Uri Lublin <uril@redhat.com> >Date: Thu, 16 Jan 2014 15:55:48 +0200 >Subject: [PATCH] Load: be more careful with pVar - fix an IE11 crash (#1052080) > >pVar holds and acts like a union. >Using pVar as int (VT_UI2) and later as string (BSTR) may be >problematic, as follows: >1. An non-zero integer value is set (including uninitialized variable) >2. pVar type is set to BSTR (note that the value (ptr) is not set 0) >3. nothing changes pVar value (leaving the int value from before) >4. pVar is freed as a string --> trying to free a pointer with a random >value may cause a crash. > >This patch initialize pVar to 0, and sets it to 0 before any type change. >This is more than is needed, but I thought that if someone >copy/paste the code it better have that protection too. >--- > OSpiceX.cpp | 6 +++++- > 1 files changed, 5 insertions(+), 1 deletions(-) > >diff --git a/OSpiceX.cpp b/OSpiceX.cpp >index d3990c3..43a3d6a 100644 >--- a/OSpiceX.cpp >+++ b/OSpiceX.cpp >@@ -379,7 +379,7 @@ STDMETHODIMP COSpiceX::SetSecondaryAddress(void) > > STDMETHODIMP COSpiceX::Load(IPropertyBag *pPropBag, IErrorLog* pErrorLog) > { >- CComVariant pVar; >+ CComVariant pVar(0); > HRESULT hRes; > > pVar.vt = VT_UI2; >@@ -389,6 +389,7 @@ STDMETHODIMP COSpiceX::Load(IPropertyBag *pPropBag, IErrorLog* pErrorLog) > m_Port = pVar.uiVal; > } > >+ pVar = 0; > pVar.vt = VT_UI2; > hRes = pPropBag->Read(L"SecurePort", &pVar, pErrorLog); > if (hRes == S_OK) >@@ -396,6 +397,7 @@ STDMETHODIMP COSpiceX::Load(IPropertyBag *pPropBag, IErrorLog* pErrorLog) > m_SecurePort = pVar.uiVal; > } > >+ pVar = 0; > pVar.vt = VT_BSTR; > hRes = pPropBag->Read(L"HostIP", &pVar, pErrorLog); > if (hRes == S_OK) >@@ -403,6 +405,7 @@ STDMETHODIMP COSpiceX::Load(IPropertyBag *pPropBag, IErrorLog* pErrorLog) > StringCchCopyN(m_HostIP, MAX_PATH, pVar.bstrVal, MAX_PATH); > } > >+ pVar = 0; > pVar.vt = VT_BSTR; > hRes = pPropBag->Read(L"Title", &pVar, pErrorLog); > if (hRes == S_OK) >@@ -410,6 +413,7 @@ STDMETHODIMP COSpiceX::Load(IPropertyBag *pPropBag, IErrorLog* pErrorLog) > StringCchCopyN(m_Title, RED_CLIENT_MAX_TITLE_SIZE, pVar.bstrVal, RED_CLIENT_MAX_TITLE_SIZE); > } > >+ pVar = 0; > pVar.vt = VT_BSTR; > hRes = pPropBag->Read(L"CipherSuite", &pVar, pErrorLog); > if (hRes == S_OK && lstrlen(V_BSTR(&pVar)) > 0) >-- >1.7.1 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=858256">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 1052309
: 858256