Bug 451506 - "The return values of PR_Seek64 and PR_Available64 should be checked in FileImpl::Seek or else file corruption will occur" [r=benjamin sr=neil a=dveditz]
authorHiroyuki Ikezoe <poincare@ikezoe.net>
Wed, 01 Oct 2008 00:10:37 -0500
changeset 20025 6601dacc93f74df988a5ea414efa5504b73d0d2c
parent 20024 791bd7de18f78c1b575e3b443f1ae4a8bac9abbb
child 20026 6dad95d60106a7c3b0c52707f14fe8e519c13b85
push id2582
push userreed@reedloden.com
push dateWed, 01 Oct 2008 05:10:40 +0000
reviewersbenjamin, neil, dveditz
bugs451506
milestone1.9.1b1pre
Bug 451506 - "The return values of PR_Seek64 and PR_Available64 should be checked in FileImpl::Seek or else file corruption will occur" [r=benjamin sr=neil a=dveditz]
xpcom/obsolete/nsIFileStream.cpp
--- a/xpcom/obsolete/nsIFileStream.cpp
+++ b/xpcom/obsolete/nsIFileStream.cpp
@@ -325,27 +325,29 @@ NS_IMETHODIMP FileImpl::Seek(PRInt32 whe
     if (mFileDesc==PR_STDIN || mFileDesc==PR_STDOUT || mFileDesc==PR_STDERR || !mFileDesc) 
        return NS_FILE_RESULT(PR_BAD_DESCRIPTOR_ERROR);
     mFailed = PR_FALSE; // reset on a seek.
     mEOF = PR_FALSE; // reset on a seek.
     
     // To avoid corruption, we flush during a seek. see bug number 18949
     InternalFlush(PR_FALSE);
 
+    const nsInt64 zero = 0;
     nsInt64 position = PR_Seek64(mFileDesc, 0, PR_SEEK_CUR);
     nsInt64 available = PR_Available64(mFileDesc);
+    if (position < zero || available < zero)
+       return NS_FILE_RESULT(PR_FILE_SEEK_ERROR);
     nsInt64 fileSize = position + available;
     nsInt64 newPosition = offset;
     switch (whence)
     {
         case NS_SEEK_CUR: newPosition += position; break;
         case NS_SEEK_SET: ; break;
         case NS_SEEK_END: newPosition += fileSize; break;
     }
-    const nsInt64 zero = 0;
     if (newPosition < zero)
     {
         newPosition = 0;
         mFailed = PR_TRUE;
     }
     if (newPosition >= fileSize) // nb: not "else if".
     {
         newPosition = fileSize;
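Review bot: The new early return under `if (position < zero || available < zero)` leaves `mFailed` at `PR_FALSE`, because the flag was cleared a few lines earlier ("reset on a seek"), whereas the clamping branch further down sets `mFailed = PR_TRUE` when the computed position is negative. A caller that checks the stream's failed state instead of the returned nsresult (not visible in this hunk, so an assumption) would see a healthy stream whose file position is unknown, which is the situation the bug title ties to file corruption. Brace the branch and set the flag first: `mFailed = PR_TRUE;` then `return NS_FILE_RESULT(PR_FILE_SEEK_ERROR);`. Returning a fixed `PR_FILE_SEEK_ERROR` also drops whatever error NSPR recorded for the failing call, and a comment such as `// PR_Seek64/PR_Available64 return -1 on failure; do not derive fileSize from it` would tell the next reader why the check sits before the `fileSize` computation. FileImpl::Seek begins and ends outside the hunk.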