Bug 1300140 - Return error when IME attribute array doesn't have valid. r=masayuki
authorMakoto Kato <m_kato@ga2.so-net.ne.jp>
Wed, 14 Sep 2016 11:09:00 +0900
changeset 355042 facf5812faffa05e6037e96c92a5835d12937966
parent 355041 002b4c56b913fcce358c53ee69d70cc777ba5fa4
child 355043 4bdbbae12cb345de1d0dd52759a1824d031c7f91
push id6570
push userraliiev@mozilla.com
push dateMon, 14 Nov 2016 12:26:13 +0000
treeherdermozilla-beta@f455459b2ae5 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersmasayuki
bugs1300140
milestone51.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1300140 - Return error when IME attribute array doesn't have valid. r=masayuki MozReview-Commit-ID: 2paKhQNSR11
widget/windows/IMMHandler.cpp
--- a/widget/windows/IMMHandler.cpp
+++ b/widget/windows/IMMHandler.cpp
@@ -1990,16 +1990,22 @@ IMMHandler::DispatchCompositionChangeEve
         MOZ_LOG(gIMMLog, LogLevel::Info,
           ("DispatchCompositionChangeEvent, mClauseArray[%ld]=%lu. "
            "This is larger than mCompositionString.Length()=%lu",
            i + 1, current, mCompositionString.Length()));
         current = int32_t(mCompositionString.Length());
       }
 
       uint32_t length = current - lastOffset;
+      if (NS_WARN_IF(lastOffset >= mAttributeArray.Length())) {
+        MOZ_LOG(gIMMLog, LogLevel::Error,
+          ("DispatchCompositionChangeEvent, FAILED due to invalid data of "
+            "mClauseArray or mAttributeArray"));
+        return;
+      }
       TextRangeType textRangeType =
         PlatformToNSAttr(mAttributeArray[lastOffset]);
       rv = dispatcher->AppendClauseToPendingComposition(length, textRangeType);
       if (NS_WARN_IF(NS_FAILED(rv))) {
         MOZ_LOG(gIMMLog, LogLevel::Error,
           ("DispatchCompositionChangeEvent, FAILED due to"
            "TextEventDispatcher::AppendClauseToPendingComposition() failure"));
         return;