Bug 1371891 - Use CheckedInt to compute guess for the location of -> in FTP parser. r=michal
authorAndrew McCreight <continuation@gmail.com>
Mon, 09 Oct 2017 13:50:02 -0400
changeset 427734 60bcd543f1420cb140fbd7c4363ff9fd9018f55f
parent 427731 3959033a31666770047dd460979032464a48ba66
child 427735 d4496b8befbf0ef5ae124a9fbda37ad5b885f9e1
push id97
push userfmarier@mozilla.com
push dateSat, 14 Oct 2017 01:12:59 +0000
reviewersmichal
bugs1371891
milestone58.0a1
Bug 1371891 - Use CheckedInt to compute guess for the location of -> in FTP parser. r=michal
netwerk/streamconv/converters/ParseFTPList.cpp
--- a/netwerk/streamconv/converters/ParseFTPList.cpp
+++ b/netwerk/streamconv/converters/ParseFTPList.cpp
@@ -5,21 +5,24 @@
 
 #include "ParseFTPList.h"
 #include <stdlib.h>
 #include <string.h>
 #include <ctype.h>
 #include "plstr.h"
 #include "nsDebug.h"
 #include "prprf.h"
+#include "mozilla/CheckedInt.h"
 #include "mozilla/IntegerPrintfMacros.h"
 #include "mozilla/Sprintf.h"
 
 /* ==================================================================== */
 
+using mozilla::CheckedInt;
+
 static inline int ParsingFailed(struct list_state *state)
 {
   if (state->parsed_one || state->lstyle) /* junk if we fail to parse */
     return '?';      /* this time but had previously parsed successfully */
   return '"';        /* its part of a comment or error message */
 }
 
 int ParseFTPList(const char *line, struct list_state *state,
@@ -1187,24 +1190,27 @@ int ParseFTPList(const char *line, struc
 
         result->fe_fnlen = (&(line[linelen]))
                            - (result->fe_fname);
 
         if (result->fe_type == 'l' && result->fe_fnlen > 4)
         {
           /* First try to use result->fe_size to find " -> " sequence.
              This can give proper result for cases like "aaa -> bbb -> ccc". */
-          uint32_t fe_size = atoi(result->fe_size);
+          uintptr_t fe_size = atoi(result->fe_size);
+          CheckedInt<uintptr_t> arrow_start(result->fe_fnlen);
+          arrow_start -= fe_size;
+          arrow_start -= 4;
 
-          if (result->fe_fnlen > (fe_size + 4) &&
-              PL_strncmp(result->fe_fname + result->fe_fnlen - fe_size - 4 , " -> ", 4) == 0)
+          if (arrow_start.isValid() &&
+              PL_strncmp(result->fe_fname + arrow_start.value(), " -> ", 4) == 0)
           {
             result->fe_lname = result->fe_fname + (result->fe_fnlen - fe_size);
             result->fe_lnlen = (&(line[linelen])) - (result->fe_lname);
-            result->fe_fnlen -= fe_size + 4;
+            result->fe_fnlen = arrow_start.value();
           }
           else
           {
             /* Search for sequence " -> " from the end for case when there are
                more occurrences. F.e. if ftpd returns "a -> b -> c" assume
                "a -> b" as a name. Powerusers can remove unnecessary parts
                manually but there is no way to follow the link when some
                essential part is missing. */