From e6a9d13e646260f7c895779dc79a9196aa333a18 Mon Sep 17 00:00:00 2001
From: Steve Fink
Date: Thu, 13 Jan 2022 09:36:11 +0000
Subject: [js] Add dynamic check for valid serialized length
---
 js/src/vm/StructuredClone.cpp | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'js')
diff --git a/js/src/vm/StructuredClone.cpp b/js/src/vm/StructuredClone.cpp
index 6c082d6065..9cd4f1e072 100644
--- a/js/src/vm/StructuredClone.cpp
+++ b/js/src/vm/StructuredClone.cpp
@@ -545,6 +545,11 @@ ReadStructuredClone(JSContext* cx, JSStructuredCloneData& data,
 JS::StructuredCloneScope scope, MutableHandleValue vp,
 const JSStructuredCloneCallbacks* cb, void* cbClosure)
 {
+ if (data.Size() % 8) {
+ JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr,
+ JSMSG_SC_BAD_SERIALIZED_DATA, "misaligned");
+ return false;
+ }
 SCInput in(cx, data);
 JSStructuredCloneReader r(in, scope, cb, cbClosure);
 return r.read(vp);
-- 
cgit v1.2.3
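Review bot: The new guard at the top of ReadStructuredClone only rejects a total length that is not a multiple of 8, so a zero-length buffer (data.Size() == 0) still passes and is handed to the reader; if the reader does not itself treat an empty stream as bad data (not visible in this hunk), the check should be `if (data.Size() == 0 || data.Size() % 8) {`. The bare literal 8 also needs a why-comment, since nothing in the hunk says where the word size comes from, e.g. `// Serialized data is consumed in 64-bit words; a trailing partial word means the stream is truncated or corrupt.` (presumably the reader's unit, confirm against SCInput). Because JSStructuredCloneData can apparently be held in more than one segment, this check only covers the aggregate size; whether per-segment alignment matters is left to SCInput and is worth a sentence in that same comment. ReadStructuredClone's signature starts outside the hunk (it appears only in the @@ trailer).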