Bug 1318766 - Validate length in SubstringTuple. r=froydnj a=gchang
MozReview-Commit-ID: JuwQS8jpKcX
--- a/xpcom/string/nsTSubstringTuple.cpp
+++ b/xpcom/string/nsTSubstringTuple.cpp
@@ -1,52 +1,55 @@
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "mozilla/CheckedInt.h"
/**
* computes the aggregate string length
*/
nsTSubstringTuple_CharT::size_type
nsTSubstringTuple_CharT::Length() const
{
- uint32_t len;
+ mozilla::CheckedInt<size_type> len;
if (mHead) {
len = mHead->Length();
} else {
len = TO_SUBSTRING(mFragA).Length();
}
- return len + TO_SUBSTRING(mFragB).Length();
+ len += TO_SUBSTRING(mFragB).Length();
+ MOZ_RELEASE_ASSERT(len.isValid(), "Substring tuple length is invalid");
+ return len.value();
}
/**
* writes the aggregate string to the given buffer. aBufLen is assumed
* to be equal to or greater than the value returned by the Length()
* method. the string written to |aBuf| is not null-terminated.
*/
void
nsTSubstringTuple_CharT::WriteTo(char_type* aBuf, uint32_t aBufLen) const
{
const substring_type& b = TO_SUBSTRING(mFragB);
- NS_ASSERTION(aBufLen >= b.Length(), "buffer too small");
+ MOZ_RELEASE_ASSERT(aBufLen >= b.Length(), "buffer too small");
uint32_t headLen = aBufLen - b.Length();
if (mHead) {
mHead->WriteTo(aBuf, headLen);
} else {
const substring_type& a = TO_SUBSTRING(mFragA);
- NS_ASSERTION(a.Length() == headLen, "buffer incorrectly sized");
+ MOZ_RELEASE_ASSERT(a.Length() == headLen, "buffer incorrectly sized");
char_traits::copy(aBuf, a.Data(), a.Length());
}
char_traits::copy(aBuf + headLen, b.Data(), b.Length());
#if 0
// we need to write out data into |aBuf|, ending at |aBuf + aBufLen|. So our
// data needs to precede |aBuf + aBufLen| exactly. We trust that the buffer