Fix crash on unicode "zero width non-joiner" sequence. b=217903 r+sr=dbaron
authormats.palmgren@bredband.net
Thu, 28 Jun 2007 13:02:57 -0700
changeset 2932 b41736b5548ccfc6de35d18375eef9ba8ddad521
parent 2931 37fdaa589609ca6951a3cb4f5ae5fd25a2607d08
child 2933 a06bb370c9c9a1b8467e6db4e8a3f4549543c0ac
push idunknown
push userunknown
push dateunknown
bugs217903
milestone1.9a6pre
Fix crash on unicode "zero width non-joiner" sequence. b=217903 r+sr=dbaron
intl/unicharutil/util/nsBidiUtils.cpp
--- a/intl/unicharutil/util/nsBidiUtils.cpp
+++ b/intl/unicharutil/util/nsBidiUtils.cpp
@@ -352,16 +352,17 @@ nsresult ArabicShaping(const PRUnichar* 
     else 
       *lDest++ = *lSrc++; 
 
   }
   if(lSrc < dest)
     *lDest++ = *lSrc++; 
 
   *aBufLen = lDest - aBuf;
+  NS_ASSERTION(*aBufLen <= aLen, "ArabicShaping() likely did a buffer overflow!");
 
   if (aOutputLogical) {
     ReverseString(aBuf, *aBufLen);
   }
   return NS_OK;
 }
 
 nsresult Conv_FE_06(const nsString& aSrc, nsString& aDst)