Bug 1373579: Part 2 - Check fallible BufferList allocation in setCloneBuffer. r?billm
MozReview-Commit-ID: Jn7iAVAT1v5
--- a/js/src/builtin/TestingFunctions.cpp
+++ b/js/src/builtin/TestingFunctions.cpp
@@ -2373,16 +2373,18 @@ class CloneBufferObject : public NativeO
obj->discard();
char* str = JS_EncodeString(cx, args[0].toString());
if (!str)
return false;
size_t nbytes = JS_GetStringLength(args[0].toString());
MOZ_ASSERT(nbytes % sizeof(uint64_t) == 0);
auto buf = js::MakeUnique<JSStructuredCloneData>(nbytes, nbytes, nbytes);
+ if (buf->Size() < nbytes)
+ return false;
js_memcpy(buf->Start(), str, nbytes);
JS_free(cx, str);
obj->setData(buf.release());
args.rval().setUndefined();
return true;
}
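Review bot: The new guard `if (buf->Size() < nbytes) return false;` leaks `str` on the failure path, because the `JS_free(cx, str)` that pairs with `JS_EncodeString` only runs after the memcpy, and it dereferences `buf` without first checking that `js::MakeUnique` returned a non-null pointer, which is the other fallible allocation in this sequence. Both gaps close with one combined guard: `if (!buf || buf->Size() < nbytes) { JS_free(cx, str); return false; }`. Returning false with no pending exception turns the out-of-memory into an uncatchable failure; if the surrounding code reports such failures, `js::ReportOutOfMemory(cx)` before the return would be the consistent choice here. The enclosing method starts before the hunk, and the hunk header counts trailing context lines that are not shown.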