Bug 1509685 - Add more bounds checking in nsMsgDBView::UpdateDisplayMessage() to avoid crashes. r=alta88 a=jorgk
authorJorg K <jorgk@jorgk.com>
Tue, 27 Nov 2018 21:11:03 +0100
changeset 31955 189364307b2e821567aef43c0faded255f4bf4d8
parent 31954 9c373f4cbef707b9cfd7eb01879020f0b58af771
child 31956 4f5ec4473e22a72d72241ef98216ce9fbe51c569
push id110
push usermozilla@jorgk.com
push dateWed, 28 Nov 2018 11:39:28 +0000
treeherdercomm-esr60@0ba73c30a3d9 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersalta88, jorgk
bugs1509685
Bug 1509685 - Add more bounds checking in nsMsgDBView::UpdateDisplayMessage() to avoid crashes. r=alta88 a=jorgk
mailnews/base/src/nsMsgDBView.cpp
--- a/mailnews/base/src/nsMsgDBView.cpp
+++ b/mailnews/base/src/nsMsgDBView.cpp
@@ -1177,28 +1177,32 @@ nsMsgDBView::UpdateDisplayMessage(nsMsgV
   // Get the subject and the folder for the message and inform the front
   // end that we changed the message we are currently displaying.
   nsresult rv;
   nsCOMPtr <nsIMsgDBHdr> msgHdr;
   rv = GetMsgHdrForViewIndex(viewPosition, getter_AddRefs(msgHdr));
   NS_ENSURE_SUCCESS(rv,rv);
 
   nsString subject;
+  if (viewPosition >= (nsMsgViewIndex)m_flags.Length())
+    return NS_MSG_INVALID_DBVIEW_INDEX;
   FetchSubject(msgHdr, m_flags[viewPosition], subject);
 
   nsCString keywords;
   rv = msgHdr->GetStringProperty("keywords", getter_Copies(keywords));
   NS_ENSURE_SUCCESS(rv,rv);
 
   nsCOMPtr<nsIMsgFolder> folder = m_viewFolder ? m_viewFolder : m_folder;
 
   mCommandUpdater->DisplayMessageChanged(folder, subject, keywords);
 
   if (folder)
   {
+    if (viewPosition >= (nsMsgViewIndex)m_keys.Length())
+      return NS_MSG_INVALID_DBVIEW_INDEX;
     rv = folder->SetLastMessageLoaded(m_keys[viewPosition]);
     NS_ENSURE_SUCCESS(rv,rv);
   }
 
   return NS_OK;
 }
 
 // Given a msg key, we will load the message for it.