GNOME / Epiphany / Merge requests / !1106

Fix memory corruption in ephy_string_shorten()

Merged Michael Catanzaro requested to merge mcatanzaro/memory-corruption into master Apr 15, 2022

This reverts commit 232c6134.

I got my browser stuck in a crash loop today while visiting a website with a page title greater than ephy-embed.c's MAX_TITLE_LENGTH, the only condition in which ephy_string_shorten() is ever used. Turns out this commit is wrong: an ellipsis is a multibyte character (three bytes in UTF-8) and so we're writing past the end of the buffer when calling strcat() here. Ooops.

Shame it took nearly four years to notice and correct this.

Edited Apr 15, 2022 by Michael Catanzaro
Source branch: mcatanzaro/memory-corruption
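
The sizing issue described in the merge request, as an added example that is not Epiphany's code: a UTF-8 title shortener that budgets the ellipsis by its encoded byte length instead of its character count. All function names are hypothetical, the "one byte for the ellipsis" calculation is an assumed form of the mistake, and the input is assumed to be valid UTF-8.

```c
#include <stdlib.h>
#include <string.h>

#define ELLIPSIS "\xE2\x80\xA6" /* U+2026 in UTF-8: one character, three bytes */

/* Number of characters in s: every byte that is not a 10xxxxxx continuation byte. */
size_t utf8_length(const char *s)
{
    size_t n = 0;
    for (; *s != '\0'; s++)
        if (((unsigned char)*s & 0xC0) != 0x80)
            n++;
    return n;
}

/* Byte offset at which character number n_chars starts (or the end of s). */
size_t utf8_offset(const char *s, size_t n_chars)
{
    size_t i = 0;
    for (; s[i] != '\0' && n_chars > 0; n_chars--) {
        i++;
        while (((unsigned char)s[i] & 0xC0) == 0x80)
            i++;
    }
    return i;
}

/* Assumed form of the sizing mistake: the ellipsis budgeted as a single byte. */
size_t size_counting_characters(size_t prefix_bytes) { return prefix_bytes + 1 + 1; }

/* Correct sizing: prefix + encoded ellipsis + terminating NUL. */
size_t size_counting_bytes(size_t prefix_bytes) { return prefix_bytes + strlen(ELLIPSIS) + 1; }

/* Returns a malloc'd copy of s cut to at most max_chars characters, ending in
 * an ellipsis when it was cut. NULL on bad arguments or allocation failure. */
char *shorten_utf8(const char *s, size_t max_chars)
{
    if (s == NULL || max_chars == 0)
        return NULL;
    int cut = utf8_length(s) > max_chars;
    size_t keep = cut ? utf8_offset(s, max_chars - 1) : strlen(s);
    char *out = malloc(cut ? size_counting_bytes(keep) : keep + 1);
    if (out == NULL)
        return NULL;
    memcpy(out, s, keep);
    /* Append the ellipsis together with its NUL, or just the NUL. */
    memcpy(out + keep, cut ? ELLIPSIS : "", cut ? strlen(ELLIPSIS) + 1 : 1);
    return out;
}
```

With the character-count sizing, the same shortened string would need two more bytes than the buffer holds, which is the overflow strcat() triggers.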