Bommels05/Mozilla
Bommels05/Mozilla
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bug 303213 integer overflow in js

Browse Source 
patch by mrbkap r=brendan a=brendan


git-svn-id: svn://10.0.0.236/trunk@177088 18797224-902f-48f8-a5cc-f745e15eee43
This commit is contained in:
timeless%mozdev.org 2005-08-04 01:52:01 +00:00
parent 14623cc391
commit d2c24bde31
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
mozilla/js/src/jsstr.c
View File

@ -361,6 +361,12 @@ js_str_escape(JSContext *cx, JSObject *obj, uintN argc, jsval *argv, jsval *rval
} else {
newlength += 5; /* The character will be encoded as %uXXXX */
}
/* NB: this works because newlength can be incremented by at most 5. */
if (newlength < length) {
JS_ReportOutOfMemory(cx);
return JS_FALSE;
}
}
if (newlength >= ~(size_t)0 / sizeof(jschar)) {