Bug 717121 - crash nsMIMEHeaderParamImpl::DoParameterInternal. r=bz
authorMakoto Kato <m_kato@ga2.so-net.ne.jp>
Fri, 03 Feb 2012 15:09:40 +0900
changeset 86096 f65800b074acb736580129426932754f3d320f9e
parent 86095 f89af0e34b6b42ed5f4875f9becae66363d94e5a
child 86097 173f90d397a8991af1daba75d92f3080b6706019
push id21990
push userbmo@edmorley.co.uk
push dateFri, 03 Feb 2012 16:46:11 +0000
reviewersbz
bugs717121
milestone13.0a1
Bug 717121 - crash nsMIMEHeaderParamImpl::DoParameterInternal. r=bz
netwerk/mime/nsMIMEHeaderParamImpl.cpp
netwerk/test/unit/test_MIME_params.js
--- a/netwerk/mime/nsMIMEHeaderParamImpl.cpp
+++ b/netwerk/mime/nsMIMEHeaderParamImpl.cpp
@@ -303,17 +303,20 @@ nsMIMEHeaderParamImpl::DoParameterIntern
       valueStart = str;
       for (valueEnd = str; *valueEnd; ++valueEnd)
       {
         if (*valueEnd == '\\')
           ++valueEnd;
         else if (*valueEnd == '"')
           break;
       }
-      str = valueEnd + 1;
+      str = valueEnd;
+      // *valueEnd != null means that *valueEnd is quote character.
+      if (*valueEnd)
+        str++;
     }
 
     // See if this is the simplest case (case A above),
     // a 'single' line value with no charset and lang.
     // If so, copy it and return.
     if (tokenEnd - tokenStart == paramLen &&
         seenEquals &&
         !nsCRT::strncasecmp(tokenStart, aParamName, paramLen))
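Review bot: The escape branch of the scan loop (`if (*valueEnd == '\\') ++valueEnd;`) can still step over the terminating NUL. When an unterminated quoted value ends in a backslash, that branch advances onto the NUL and the loop's own `++valueEnd` then moves past it, so both the loop test and the new `if (*valueEnd)` check read beyond the end of the header string. The added guard only covers the case where the loop stops exactly on the NUL; guarding the escape as well, `if (*valueEnd == '\\' && *(valueEnd + 1))`, makes a trailing backslash a literal character and lets the loop end on the terminator. The new comment would also be clearer as `// *valueEnd != '\0' means valueEnd points at the closing quote.` DoParameterInternal starts and ends outside this hunk, so how `str` is used afterwards is not visible here.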
--- a/netwerk/test/unit/test_MIME_params.js
+++ b/netwerk/test/unit/test_MIME_params.js
@@ -291,16 +291,21 @@ var tests = [
   // previously with the fix for 692574:
   // "attachment", "bar.html"],
 
   // Bug 704989: add workaround for broken Outlook Web App (OWA)
   // attachment handling
 
   ["attachment; filename*=\"a%20b\"", 
    "attachment", "a b"],
+
+  // Bug 717121: crash nsMIMEHeaderParamImpl::DoParameterInternal
+
+  ["attachment; filename=\"", 
+   "attachment", ""], 
 ];
 
 function do_tests(whichRFC)
 {
   var mhp = Components.classes["@mozilla.org/network/mime-hdrparam;1"]
                       .getService(Components.interfaces.nsIMIMEHeaderParam);
 
   var unused = { value : null };
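Review bot: The added case only covers an opening quote that is the very last character of the header, so the unterminated-quote path is not tested when the value is non-empty. A second entry such as `["attachment; filename=\"foo", "attachment", "foo"],` would cover it; the expected filename is presumed from the parser's copy-to-end behaviour and should be confirmed against an actual run. The two new lines also carry trailing whitespace after the comma. The `tests` array and `do_tests` both extend beyond this hunk.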