mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-19 08:15:31 +00:00
Bug 1188234, part 2 - Add bounds checking in nsXULPrototypeElement::Deserialize(). r=smaug
Make sure we don't do an out-of-bounds read if we read out a bogus value.
This commit is contained in:
parent
b47cfa38e0
commit
1403dc04f6
@ -2307,7 +2307,7 @@ nsXULPrototypeElement::Deserialize(nsIObjectInputStream* aStream,
|
||||
// Read Node Info
|
||||
uint32_t number = 0;
|
||||
nsresult rv = aStream->Read32(&number);
|
||||
mNodeInfo = aNodeInfos->ElementAt(number);
|
||||
mNodeInfo = aNodeInfos->SafeElementAt(number, nullptr);
|
||||
if (!mNodeInfo)
|
||||
return NS_ERROR_UNEXPECTED;
|
||||
|
||||
@ -2330,7 +2330,7 @@ nsXULPrototypeElement::Deserialize(nsIObjectInputStream* aStream,
|
||||
if (NS_FAILED(tmp)) {
|
||||
rv = tmp;
|
||||
}
|
||||
mozilla::dom::NodeInfo* ni = aNodeInfos->ElementAt(number);
|
||||
mozilla::dom::NodeInfo* ni = aNodeInfos->SafeElementAt(number, nullptr);
|
||||
if (!ni)
|
||||
return NS_ERROR_UNEXPECTED;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user