- mozilla: possible heap corruption when parsing options as string

author Damien Fouilleul <damienf@videolan.org>

Thu, 22 Mar 2007 16:58:22 +0000 (16:58 +0000)

committer Damien Fouilleul <damienf@videolan.org>

Thu, 22 Mar 2007 16:58:22 +0000 (16:58 +0000)
author Damien Fouilleul <damienf@videolan.org>
Thu, 22 Mar 2007 16:58:22 +0000 (16:58 +0000)
committer Damien Fouilleul <damienf@videolan.org>
Thu, 22 Mar 2007 16:58:22 +0000 (16:58 +0000)
diff --git a/mozilla/control/npolibvlc.cpp b/mozilla/control/npolibvlc.cpp

index bf92906c2fe08eef5a3e34950ec1f62f78ecd449..20822b4301aa98be4cdf019a01793ceb2c098fc6 100755 (executable)
--- a/mozilla/control/npolibvlc.cpp
+++ b/mozilla/control/npolibvlc.cpp
@@ -1650,11 +1650,12 @@ RuntimeNPObject::InvokeResult LibvlcPlaylistNPObject::invoke(int index, const NP
      return INVOKERESULT_GENERIC_ERROR;\r
  }\r
  \r
-void LibvlcPlaylistNPObject::parseOptions(const NPString &s, int *i_options, char*** ppsz_options)\r
+void LibvlcPlaylistNPObject::parseOptions(const NPString &nps, int *i_options, char*** ppsz_options)\r
  {\r
-    if( s.utf8length )\r
+    if( nps.utf8length )\r
      {\r
-        char *val = stringValue(s);\r
+        char *s = stringValue(nps);\r
+        char *val = s;\r
          if( val )\r
          {\r
              long capacity = 16;\r
@@ -1663,7 +1664,7 @@ void LibvlcPlaylistNPObject::parseOptions(const NPString &s, int *i_options, cha
              {\r
                  int nOptions = 0;\r
  \r
-                char *end = val + s.utf8length;\r
+                char *end = val + nps.utf8length;\r
                  while( val < end )\r
                  {\r
                      // skip leading blanks\r
@@ -1694,11 +1695,11 @@ void LibvlcPlaylistNPObject::parseOptions(const NPString &s, int *i_options, cha
                              if( ! moreOptions )\r
                              {\r
                                  /* failed to allocate more memory */\r
-                                delete val;\r
+                                delete s;\r
                                  /* return what we got so far */\r
                                  *i_options = nOptions;\r
                                  *ppsz_options = options;\r
-                                break;\r
+                                return;\r
                              }\r
                              options = moreOptions;\r
                          }\r
@@ -1712,7 +1713,7 @@ void LibvlcPlaylistNPObject::parseOptions(const NPString &s, int *i_options, cha
                  *i_options = nOptions;\r
                  *ppsz_options = options;\r
              }\r
-            delete val;\r
+            delete s;\r
          }\r
      }\r
  }\r
author	Damien Fouilleul <damienf@videolan.org>
	Thu, 22 Mar 2007 16:58:22 +0000 (16:58 +0000)
committer	Damien Fouilleul <damienf@videolan.org>
	Thu, 22 Mar 2007 16:58:22 +0000 (16:58 +0000)