Bug 1251120 - Some tweaks to stop a crash due to buffer overrun. r=rkent a=rkent THUNDERBIRD452b1_2016051723_RELBRANCH
authorJorg K
Fri, 11 Mar 2016 22:49:40 +0100
branchTHUNDERBIRD452b1_2016051723_RELBRANCH
changeset 27063 7cffc99889eda80f8ec52c14e1aadef55d1c341b
parent 27062 65455922e9027a26c53e56c8b1a66806e7f5c147
child 27064 783e478d9b036a939489a4f9fc198bb12caa7d32
push id1850
push userclokep@gmail.com
push dateWed, 08 Mar 2017 19:29:12 +0000
reviewersrkent, rkent
bugs1251120
Bug 1251120 - Some tweaks to stop a crash due to buffer overrun. r=rkent a=rkent
mailnews/base/util/nsMsgI18N.cpp
--- a/mailnews/base/util/nsMsgI18N.cpp
+++ b/mailnews/base/util/nsMsgI18N.cpp
@@ -72,39 +72,50 @@ nsresult nsMsgI18NConvertFromUnicode(con
   rv = encoder->SetOutputErrorBehavior(behavior, nullptr, '?');
   NS_ENSURE_SUCCESS(rv, rv);
 
   const char16_t *originalSrcPtr = inString.get();
   const char16_t *currentSrcPtr = originalSrcPtr;
   int32_t originalUnicharLength = inString.Length();
   int32_t srcLength;
   int32_t dstLength;
-  char localbuf[512];
+  char localbuf[512+10]; // We have seen cases were the buffer was overrun
+                         // by two (!!) bytes (Bug 1255863).
+                         // So give it ten bytes more for now to avoid a crash.
   int32_t consumedLen = 0;
 
   bool mappingFailure = false;
   outString.Truncate();
   // convert
   while (consumedLen < originalUnicharLength) {
     srcLength = originalUnicharLength - consumedLen;  
     dstLength = 512;
     rv = encoder->Convert(currentSrcPtr, &srcLength, localbuf, &dstLength);
+#ifdef DEBUG
+    if (dstLength > 512) {
+      char warning[100];
+      sprintf(warning, "encoder->Convert() returned %d bytes. Limit = 512", dstLength);
+      NS_WARNING(warning);
+    }
+#endif
     if (rv == NS_ERROR_UENC_NOMAPPING) {
       mappingFailure = true;
     }
     if (NS_FAILED(rv) || dstLength == 0)
       break;
     outString.Append(localbuf, dstLength);
 
     currentSrcPtr += srcLength;
     consumedLen = currentSrcPtr - originalSrcPtr; // src length used so far
   }
+  dstLength = 512; // Reset available buffer size.
   rv = encoder->Finish(localbuf, &dstLength);
   if (NS_SUCCEEDED(rv)) {
-    outString.Append(localbuf, dstLength);
+    if (dstLength)
+      outString.Append(localbuf, dstLength);
     return !mappingFailure ? rv: NS_ERROR_UENC_NOMAPPING;
   }
   return rv;
 }
 
 nsresult nsMsgI18NConvertToUnicode(const char* aCharset,
                                    const nsCString& inString, 
                                    nsAString& outString,
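Review bot: The `dstLength > 512` test after `encoder->Convert()` is compiled only under `#ifdef DEBUG`, so in release builds an oversized length still reaches `outString.Append(localbuf, dstLength)`, and anything past the ten bytes of padding is read from outside `localbuf`. I would make the check unconditional and stop converting, for example `if (dstLength < 0 || dstLength > 512) return NS_ERROR_UNEXPECTED;`, and apply the same test after `encoder->Finish()`, whose result the hunk appends without a bound check. The debug message is formatted with `sprintf` into `char warning[100]`; `snprintf(warning, sizeof(warning), ...)` would keep it bounded if the format string is ever extended. The literal 512 is repeated beside the `512+10` array size, so a single named constant for the capacity handed to the encoder would keep the two from drifting apart. The function starts above this hunk, so the encoder setup was not visible for this review.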