-rw-r--r--js/src/vm/StructuredClone.cpp5
1 files changed, 5 insertions, 0 deletions
diff --git a/js/src/vm/StructuredClone.cpp b/js/src/vm/StructuredClone.cpp
index 6c082d6065..9cd4f1e072 100644
--- a/js/src/vm/StructuredClone.cpp
+++ b/js/src/vm/StructuredClone.cpp
@@ -545,6 +545,11 @@ ReadStructuredClone(JSContext* cx, JSStructuredCloneData& data,
JS::StructuredCloneScope scope, MutableHandleValue vp,
const JSStructuredCloneCallbacks* cb, void* cbClosure)
{
+ if (data.Size() % 8) {
+ JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr,
+ JSMSG_SC_BAD_SERIALIZED_DATA, "misaligned");
+ return false;
+ }
SCInput in(cx, data);
JSStructuredCloneReader r(in, scope, cb, cbClosure);
return r.read(vp);
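Review bot: The new guard at the top of ReadStructuredClone uses a bare `8` with no comment, so it is not clear which invariant of the reader it protects. Presumably SCInput consumes the buffer in 64-bit words; if so, write the condition as `if (data.Size() % sizeof(uint64_t)) {` and add a comment above it such as `// Serialized data is read in 64-bit units; reject a length that is not a multiple of 8 before handing it to SCInput.` The check covers only this entry point. Any other function that builds an SCInput from caller-supplied JSStructuredCloneData is outside this hunk, so confirm that those paths either apply the same length check or cannot receive untrusted data. The function's closing brace also lies outside the hunk.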