Bug 1356025 - Add Capacity checks to nsTSubstring constructor. r=froydnj, a=gchang
authorEric Rahm <erahm@mozilla.com>
Mon, 15 May 2017 16:52:43 -0700
changeset 396362 1094b15fa46efd628f614fd20c03b3d3b4dd741f
parent 396361 8349864eb2bb21f679b4be9da7f8f9c418b6a290
child 396363 82fcc3b1242af487f8faa04da0f0abebf479755a
push id1468
push userasasaki@mozilla.com
push dateMon, 05 Jun 2017 19:31:07 +0000
treeherdermozilla-release@0641fc6ee9d1 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersfroydnj, gchang
bugs1356025
milestone54.0
Bug 1356025 - Add Capacity checks to nsTSubstring constructor. r=froydnj, a=gchang MozReview-Commit-ID: 6RIwuvalcRz
xpcom/string/nsTSubstring.cpp
xpcom/string/nsTSubstring.h
--- a/xpcom/string/nsTSubstring.cpp
+++ b/xpcom/string/nsTSubstring.cpp
@@ -18,16 +18,18 @@ const nsTSubstring_CharT::size_type nsTS
 
 #ifdef XPCOM_STRING_CONSTRUCTOR_OUT_OF_LINE
 nsTSubstring_CharT::nsTSubstring_CharT(char_type* aData, size_type aLength,
                                        uint32_t aFlags)
   : mData(aData),
     mLength(aLength),
     mFlags(aFlags)
 {
+  MOZ_RELEASE_ASSERT(CheckCapacity(aLength), "String is too large.");
+
   if (aFlags & F_OWNED) {
     STRING_STAT_INCREMENT(Adopt);
     MOZ_LOG_CTOR(mData, "StringAdopt", 1);
   }
 }
 #endif /* XPCOM_STRING_CONSTRUCTOR_OUT_OF_LINE */
 
 /**
--- a/xpcom/string/nsTSubstring.h
+++ b/xpcom/string/nsTSubstring.h
@@ -870,16 +870,17 @@ public:
   nsTSubstring_CharT(char_type* aData, size_type aLength, uint32_t aFlags);
 #else
 #undef XPCOM_STRING_CONSTRUCTOR_OUT_OF_LINE
   nsTSubstring_CharT(char_type* aData, size_type aLength, uint32_t aFlags)
     : mData(aData)
     , mLength(aLength)
     , mFlags(aFlags)
   {
+    MOZ_RELEASE_ASSERT(CheckCapacity(aLength), "String is too large.");
   }
 #endif /* DEBUG || FORCE_BUILD_REFCNT_LOGGING */
 
   size_t SizeOfExcludingThisIfUnshared(mozilla::MallocSizeOf aMallocSizeOf)
   const;
   size_t SizeOfIncludingThisIfUnshared(mozilla::MallocSizeOf aMallocSizeOf)
   const;