Bug 1380078: Fix truncation of buffer size in CFStringRefToUTF8Buffer(); r?spohl

On 64-bit systems CFStringGetMaximumSizeForEncoding() returns a
CFIndex (long) integer which was being converted to an int, which may
not be 64-bit. This has been changed to an int64_t so it will never
truncate.

In addition, in the same function there was a redundant null check on
the return from moz_xmalloc. This is an infallible memory allocator,
so the check is useless and has been removed.

MozReview-Commit-ID: 7BtBxPmGgQC

--- a/dom/plugins/base/nsPluginsDirDarwin.cpp
+++ b/dom/plugins/base/nsPluginsDirDarwin.cpp
@@ -96,23 +96,20 @@ bool nsPluginsDir::IsPluginFile(nsIFile*
// Caller is responsible for freeing returned buffer.
static char* CFStringRefToUTF8Buffer(CFStringRef cfString)
{
const char* buffer = ::CFStringGetCStringPtr(cfString, kCFStringEncodingUTF8);
if (buffer) {
return PL_strdup(buffer);
}
- int bufferLength =
+ int64_t bufferLength =
::CFStringGetMaximumSizeForEncoding(::CFStringGetLength(cfString),
kCFStringEncodingUTF8) + 1;
char* newBuffer = static_cast<char*>(moz_xmalloc(bufferLength));
- if (!newBuffer) {
- return nullptr;
- }
if (!::CFStringGetCString(cfString, newBuffer, bufferLength,
kCFStringEncodingUTF8)) {
free(newBuffer);
return nullptr;
}
newBuffer = static_cast<char*>(moz_xrealloc(newBuffer,
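
Review bot: The new `int64_t bufferLength` is still computed as `::CFStringGetMaximumSizeForEncoding(...) + 1` with no check on the returned value before it reaches `moz_xmalloc(bufferLength)`. CFStringGetMaximumSizeForEncoding() returns kCFNotFound (-1) when the required size would exceed LONG_MAX, so in that case the `+ 1` yields 0, a zero-byte buffer is requested, and the function only bails out because CFStringGetCString() then fails. Consider testing the result against kCFNotFound before adding 1 and returning nullptr early, so the error path does not depend on the later call. It would also be cleaner to declare the variable as CFIndex rather than int64_t: that is the type the API returns and the type CFStringGetCString() takes for its buffer size, so no width assumption is needed, and the signed-to-size_t conversion at the moz_xmalloc call is then the only conversion left to reason about.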