guix-play/gnu/packages/patches/webkitgtk-2.4-sql-init-string.patch
Mark H Weaver a606ed89d4 gnu: webkitgtk-2.4: Fix potential code execution vulnerability.
* gnu/packages/patches/webkitgtk-2.4-sql-init-string.patch: New file.
* gnu-system.am (dist_patch_DATA): Add it.
* gnu/packages/webkit.scm (webkitgtk-2.4)[source]: Add patch.
2015-10-07 22:54:09 -04:00

18 lines
948 B
Diff

Copied from Fedora.
https://bugzilla.redhat.com/show_bug.cgi?id=1189303
http://pkgs.fedoraproject.org/cgit/webkitgtk.git/commit/?id=e689e45d0cc2c50484e69d20371ba607af7326f3
diff -up webkitgtk-2.4.9/Source/WebCore/platform/sql/SQLiteStatement.cpp.sql_initialize_string webkitgtk-2.4.9/Source/WebCore/platform/sql/SQLiteStatement.cpp
--- webkitgtk-2.4.9/Source/WebCore/platform/sql/SQLiteStatement.cpp.sql_initialize_string 2015-09-14 09:25:43.004200172 +0200
+++ webkitgtk-2.4.9/Source/WebCore/platform/sql/SQLiteStatement.cpp 2015-09-14 09:25:57.852082368 +0200
@@ -71,7 +71,7 @@ int SQLiteStatement::prepare()
// this lets SQLite avoid an extra string copy.
size_t lengthIncludingNullCharacter = query.length() + 1;
- const char* tail;
+ const char* tail = nullptr;
int error = sqlite3_prepare_v2(m_database.sqlite3Handle(), query.data(), lengthIncludingNullCharacter, &m_statement, &tail);
if (error != SQLITE_OK)