Bug 1289397 - prevent overflow in CacheFileChunk::UpdateDataSize. r=valentin
authorAndi-Bogdan Postelnicu <bpostelnicu@mozilla.com>
Tue, 26 Jul 2016 15:29:16 +0300
changeset 348801 54c8557ec453a787f045d79164bead2e5f95cee7
parent 348744 81e206ee8ba75828af38658f5485cacdea04a921
child 348802 8f1980fa5bee8fe994c59dbb494e8da561c1145c
push id1230
push userjlund@mozilla.com
push dateMon, 31 Oct 2016 18:13:35 +0000
treeherdermozilla-release@5e06e3766db2 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersvalentin
bugs1289397
milestone50.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1289397 - prevent overflow in CacheFileChunk::UpdateDataSize. r=valentin MozReview-Commit-ID: HCZD9tkSr9I
netwerk/cache2/CacheFileChunk.cpp
--- a/netwerk/cache2/CacheFileChunk.cpp
+++ b/netwerk/cache2/CacheFileChunk.cpp
@@ -582,17 +582,17 @@ CacheFileChunk::UpdateDataSize(uint32_t 
   // and we never write data anymore once some error occurs.
   MOZ_ASSERT(NS_SUCCEEDED(mStatus));
 
   LOG(("CacheFileChunk::UpdateDataSize() [this=%p, offset=%d, len=%d]",
        this, aOffset, aLen));
 
   mIsDirty = true;
 
-  int64_t fileSize = kChunkSize * mIndex + aOffset + aLen;
+  int64_t fileSize = static_cast<int64_t>(kChunkSize) * mIndex + aOffset + aLen;
   bool notify = false;
 
   if (fileSize > mFile->mDataSize) {
     mFile->mDataSize = fileSize;
     notify = true;
   }
 
   if (mState == READY || mState == WRITING) {