Mercurial > mozreview > gecko / changeset / e8cf42835149dbf25150c734a339e0d70b432bc5
summary | shortlog | changelog | pushlog | graph | tags | bookmarks | branches | files | changeset | raw | zip | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Bug 1332218 - Add boundary checks for array access in nsUrlClassifierPrefixSet::GetPrefixesNative. r=francois. draft
authorHenry Chang <hchang@mozilla.com>
Thu, 19 Jan 2017 17:48:44 +0800
changeset 463560 e8cf42835149dbf25150c734a339e0d70b432bc5
parent 463559 2365700d798821589e32c8fbeceefced1ab3da7c
child 542713 98094c782c7f855fe4f0901560ccf0b8995802a1
push id42105
push userhchang@mozilla.com
push dateThu, 19 Jan 2017 09:49:32 +0000
reviewersfrancois
bugs1332218
milestone53.0a1
Bug 1332218 - Add boundary checks for array access in nsUrlClassifierPrefixSet::GetPrefixesNative. r=francois. MozReview-Commit-ID: CpQYdTaEI3c
toolkit/components/url-classifier/nsUrlClassifierPrefixSet.cpp file | annotate | diff | comparison | revisions 
--- a/toolkit/components/url-classifier/nsUrlClassifierPrefixSet.cpp
+++ b/toolkit/components/url-classifier/nsUrlClassifierPrefixSet.cpp
@@ -151,19 +151,26 @@ nsUrlClassifierPrefixSet::GetPrefixesNat
   }
 
   uint32_t prefixIdxLength = mIndexPrefixes.Length();
   uint32_t prefixCnt = 0;
 
   for (uint32_t i = 0; i < prefixIdxLength; i++) {
     uint32_t prefix = mIndexPrefixes[i];
 
+    if (prefixCnt >= mTotalPrefixes) {
+      return NS_ERROR_FAILURE;
+    }
     outArray[prefixCnt++] = prefix;
+
     for (uint32_t j = 0; j < mIndexDeltas[i].Length(); j++) {
       prefix += mIndexDeltas[i][j];
+      if (prefixCnt >= mTotalPrefixes) {
+        return NS_ERROR_FAILURE;
+      }
       outArray[prefixCnt++] = prefix;
     }
   }
 
   NS_ASSERTION(mTotalPrefixes == prefixCnt, "Lengths are inconsistent");
   return NS_OK;
 }
gecko
Deployed from af051c2a8da7 at 2024-04-29T16:08:02Z.