Bug 1509685 - Add more bounds checking in nsMsgDBView::UpdateDisplayMessage() to avoid crashes, take 2. r=alta88 a=jorgk
authorJorg K <jorgk@jorgk.com>
Wed, 28 Nov 2018 21:48:00 +0100
changeset 33514 b2a3f7b11639f5b4ea32f7f9d7b12ebd15e18e92
parent 33513 21dec7eb5de781d821a0cd1869641ed724a1020c
child 33515 c839e782792f00b76b94fa6004745d9e2006321e
push id387
push userclokep@gmail.com
push dateMon, 10 Dec 2018 21:30:47 +0000
reviewersalta88, jorgk
bugs1509685
Bug 1509685 - Add more bounds checking in nsMsgDBView::UpdateDisplayMessage() to avoid crashes, take 2. r=alta88 a=jorgk
mailnews/base/src/nsMsgDBView.cpp
--- a/mailnews/base/src/nsMsgDBView.cpp
+++ b/mailnews/base/src/nsMsgDBView.cpp
@@ -1201,16 +1201,18 @@ nsMsgDBView::LoadMessageByViewIndex(nsMs
   nsCString uri;
   nsresult rv = GetURIForViewIndex(aViewIndex, uri);
   if (!mSuppressMsgDisplay && !m_currentlyDisplayedMsgUri.Equals(uri))
   {
     NS_ENSURE_SUCCESS(rv,rv);
     nsCOMPtr<nsIMessenger> messenger (do_QueryReferent(mMessengerWeak));
     NS_ENSURE_TRUE(messenger, NS_ERROR_FAILURE);
     messenger->OpenURL(uri);
+    if (aViewIndex >= (nsMsgViewIndex)m_keys.Length())
+      return NS_MSG_INVALID_DBVIEW_INDEX;
     m_currentlyDisplayedMsgKey = m_keys[aViewIndex];
     m_currentlyDisplayedMsgUri = uri;
     m_currentlyDisplayedViewIndex = aViewIndex;
     UpdateDisplayMessage(m_currentlyDisplayedViewIndex);
   }
 
   return NS_OK;
 }