Bug 1392739 - Use CheckedInt in nsStandardURL::Deserialize(). r=mayhemer, a=RyanVM
authorValentin Gosu <valentin.gosu@gmail.com>
Mon, 04 Jun 2018 13:57:51 +0200
changeset 473610 c8797e136acf3f69a6f9a3c89e9ed6820b002a3e
parent 473609 a9bd7aeb9874b0c9a9d5788a8b7110dd427321cb
child 473611 6c3374416afc7f4d66dc8a33fc55ca693232368b
push id1728
push userjlund@mozilla.com
push dateMon, 18 Jun 2018 21:12:27 +0000
treeherdermozilla-release@c296fde26f5f [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersmayhemer, RyanVM
bugs1392739
milestone61.0
Bug 1392739 - Use CheckedInt in nsStandardURL::Deserialize(). r=mayhemer, a=RyanVM
netwerk/base/nsStandardURL.cpp
--- a/netwerk/base/nsStandardURL.cpp
+++ b/netwerk/base/nsStandardURL.cpp
@@ -22,17 +22,16 @@
 #include "mozilla/ipc/URIUtils.h"
 #include "mozilla/TextUtils.h"
 #include <algorithm>
 #include "nsContentUtils.h"
 #include "prprf.h"
 #include "nsReadableUtils.h"
 #include "mozilla/net/MozURL_ffi.h"
 
-
 //
 // setenv MOZ_LOG nsStandardURL:5
 //
 static LazyLogModule gStandardURLLog("nsStandardURL");
 
 // The Chromium code defines its own LOG macro which we don't want
 #undef LOG
 #define LOG(args)     MOZ_LOG(gStandardURLLog, LogLevel::Debug, args)
@@ -3547,18 +3546,20 @@ FromIPCSegment(const nsACString& aSpec, 
         return true;
     }
 
     // A value of -1 means an empty segment, but < -1 is undefined.
     if (NS_WARN_IF(aSegment.length() < -1)) {
         return false;
     }
 
+    CheckedInt<uint32_t> segmentLen = aSegment.position();
+    segmentLen += aSegment.length();
     // Make sure the segment does not extend beyond the spec.
-    if (NS_WARN_IF(aSegment.position() + aSegment.length() > aSpec.Length())) {
+    if (NS_WARN_IF(!segmentLen.isValid() || segmentLen.value() > aSpec.Length())) {
         return false;
     }
 
     aTarget.mPos = aSegment.position();
     aTarget.mLen = aSegment.length();
 
     return true;
 }