diff options
author | Pale Moon <git-repo@palemoon.org> | 2017-02-01 19:14:43 +0100 |
---|---|---|
committer | Pale Moon <git-repo@palemoon.org> | 2017-02-01 19:14:43 +0100 |
commit | dea0da2536e84f4a4eee6aa85d8abf26235d9e2c (patch) | |
tree | b447a237e0e6c83cc599b5e31270ef51fc5073ca /xpcom | |
parent | 0a72f71fadc4a98697ba5f1298ed94096345a43b (diff) | |
download | palemoon-gre-dea0da2536e84f4a4eee6aa85d8abf26235d9e2c.tar.gz |
Validate length in SubstringTuple.
Diffstat (limited to 'xpcom')
-rw-r--r-- | xpcom/string/nsTSubstringTuple.cpp | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/xpcom/string/nsTSubstringTuple.cpp b/xpcom/string/nsTSubstringTuple.cpp index 75c3c9728..2a84a9a4e 100644 --- a/xpcom/string/nsTSubstringTuple.cpp +++ b/xpcom/string/nsTSubstringTuple.cpp @@ -4,6 +4,7 @@ * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +#include "mozilla/CheckedInt.h" /** * computes the aggregate string length @@ -12,14 +13,16 @@ nsTSubstringTuple_CharT::size_type nsTSubstringTuple_CharT::Length() const { - uint32_t len; + mozilla::CheckedInt<size_type> len; if (mHead) { len = mHead->Length(); } else { len = TO_SUBSTRING(mFragA).Length(); } - return len + TO_SUBSTRING(mFragB).Length(); + len += TO_SUBSTRING(mFragB).Length(); + MOZ_RELEASE_ASSERT(len.isValid(), "Substring tuple length is invalid"); + return len.value(); } @@ -34,14 +37,14 @@ nsTSubstringTuple_CharT::WriteTo(char_type* aBuf, uint32_t aBufLen) const { const substring_type& b = TO_SUBSTRING(mFragB); - NS_ASSERTION(aBufLen >= b.Length(), "buffer too small"); + MOZ_RELEASE_ASSERT(aBufLen >= b.Length(), "buffer too small"); uint32_t headLen = aBufLen - b.Length(); if (mHead) { mHead->WriteTo(aBuf, headLen); } else { const substring_type& a = TO_SUBSTRING(mFragA); - NS_ASSERTION(a.Length() == headLen, "buffer incorrectly sized"); + MOZ_RELEASE_ASSERT(a.Length() == headLen, "buffer incorrectly sized"); char_traits::copy(aBuf, a.Data(), a.Length()); } |