Bug 1509685 - Add more bounds checking in nsMsgDBView::UpdateDisplayMessage() to avoid crashes. r=alta88 a=jorgk
authorJorg K <jorgk@jorgk.com>
Tue, 27 Nov 2018 21:11:03 +0100
changeset 33513 21dec7eb5de781d821a0cd1869641ed724a1020c
parent 33512 f31b3a9ea5a80493a2358ea7708f2f476d289608
child 33514 b2a3f7b11639f5b4ea32f7f9d7b12ebd15e18e92
push id387
push userclokep@gmail.com
push dateMon, 10 Dec 2018 21:30:47 +0000
reviewersalta88, jorgk
bugs1509685
Bug 1509685 - Add more bounds checking in nsMsgDBView::UpdateDisplayMessage() to avoid crashes. r=alta88 a=jorgk
mailnews/base/src/nsMsgDBView.cpp
--- a/mailnews/base/src/nsMsgDBView.cpp
+++ b/mailnews/base/src/nsMsgDBView.cpp
@@ -1157,28 +1157,32 @@ nsMsgDBView::UpdateDisplayMessage(nsMsgV
   // Get the subject and the folder for the message and inform the front
   // end that we changed the message we are currently displaying.
   nsresult rv;
   nsCOMPtr <nsIMsgDBHdr> msgHdr;
   rv = GetMsgHdrForViewIndex(viewPosition, getter_AddRefs(msgHdr));
   NS_ENSURE_SUCCESS(rv,rv);
 
   nsString subject;
+  if (viewPosition >= (nsMsgViewIndex)m_flags.Length())
+    return NS_MSG_INVALID_DBVIEW_INDEX;
   FetchSubject(msgHdr, m_flags[viewPosition], subject);
 
   nsCString keywords;
   rv = msgHdr->GetStringProperty("keywords", getter_Copies(keywords));
   NS_ENSURE_SUCCESS(rv,rv);
 
   nsCOMPtr<nsIMsgFolder> folder = m_viewFolder ? m_viewFolder : m_folder;
 
   mCommandUpdater->DisplayMessageChanged(folder, subject, keywords);
 
   if (folder)
   {
+    if (viewPosition >= (nsMsgViewIndex)m_keys.Length())
+      return NS_MSG_INVALID_DBVIEW_INDEX;
     rv = folder->SetLastMessageLoaded(m_keys[viewPosition]);
     NS_ENSURE_SUCCESS(rv,rv);
   }
 
   return NS_OK;
 }
 
 // Given a msg key, we will load the message for it.