From bf04ad0dae9f4f479f90fd2b38f634ffbaf434b4 Mon Sep 17 00:00:00 2001
From: "piman@google.com"
 <piman@google.com@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Tue, 19 Apr 2011 21:54:26 +0000
Subject: Fix invalid read in ppapi code

BUG=77493
TEST=attached test

Review URL: http://codereview.chromium.org/6883059

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@82172 0039d316-1c4b-4281-b951-d872f2087c98
---
 webkit/plugins/ppapi/npapi_glue.cc | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'webkit/plugins')

diff --git a/webkit/plugins/ppapi/npapi_glue.cc b/webkit/plugins/ppapi/npapi_glue.cc
index 112c42e..b2eacb4 100644
--- a/webkit/plugins/ppapi/npapi_glue.cc
+++ b/webkit/plugins/ppapi/npapi_glue.cc
@@ -51,7 +51,9 @@ bool PPVarToNPVariant(PP_Var var, NPVariant* result) {
         return false;
       }
       const std::string& value = string->value();
-      STRINGN_TO_NPVARIANT(base::strdup(value.c_str()), value.size(), *result);
+      char* c_string = static_cast<char*>(malloc(value.size()));
+      memcpy(c_string, value.data(), value.size());
+      STRINGN_TO_NPVARIANT(c_string, value.size(), *result);
       break;
     }
     case PP_VARTYPE_OBJECT: {
-- 
cgit v1.1