Bug 1484987 - Avoid writing past the logical length of a string in XPCOM. r=froydnj

MozReview-Commit-ID: 3qkhOiQduLQ Differential Revision: https://phabricator.services.mozilla.com/D3883 --HG-- extra : moz-landing-system : lando
2024-10-16 23:05:42 +00:00 · 2018-08-28 14:29:40 +00:00 · 2018-08-28 14:29:40 +00:00 · 5969209bdc
commit 5969209bdc
parent e1f43883a7
2 changed files with 21 additions and 22 deletions
--- a/xpcom/io/Base64.cpp
+++ b/xpcom/io/Base64.cpp
@ -391,16 +391,14 @@ Base64EncodeHelper(const T& aBinary, T& aBase64)

  uint32_t base64Len = ((aBinary.Length() + 2) / 3) * 4;

-  // Add one byte for null termination.
-  if (!aBase64.SetCapacity(base64Len + 1, fallible)) {
-    return NS_ERROR_OUT_OF_MEMORY;
+  nsresult rv;
+  auto handle = aBase64.BulkWrite(base64Len, 0, false, rv);
+  if (NS_FAILED(rv)) {
+    return rv;
  }

-  typename T::char_type* base64 = aBase64.BeginWriting();
-  Encode(aBinary.BeginReading(), aBinary.Length(), base64);
-  base64[base64Len] = '\0';
-
-  aBase64.SetLength(base64Len);
+  Encode(aBinary.BeginReading(), aBinary.Length(), handle.Elements());
+  handle.Finish(base64Len, false);
  return NS_OK;
 }

@ -575,20 +573,19 @@ Base64DecodeString(const T& aBase64, T& aBinary)

  uint32_t binaryLen = ((aBase64.Length() * 3) / 4);

-  // Add one byte for null termination.
-  if (!aBinary.SetCapacity(binaryLen + 1, fallible)) {
-    return NS_ERROR_OUT_OF_MEMORY;
-  }
-
-  typename T::char_type* binary = aBinary.BeginWriting();
-  nsresult rv = Base64DecodeHelper(aBase64.BeginReading(), aBase64.Length(),
-                                   binary, &binaryLen);
-  if (NS_FAILED(rv)) {
-    aBinary.Truncate();
+  nsresult rv;
+  auto handle = aBinary.BulkWrite(binaryLen, 0, false, rv);
+  if(NS_FAILED(rv)) {
    return rv;
  }

-  aBinary.SetLength(binaryLen);
+  rv = Base64DecodeHelper(aBase64.BeginReading(), aBase64.Length(),
+                          handle.Elements(), &binaryLen);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  handle.Finish(binaryLen, true);
  return NS_OK;
 }

--- a/xpcom/io/nsStorageStream.cpp
+++ b/xpcom/io/nsStorageStream.cpp
@ -585,13 +585,15 @@ nsStorageInputStream::Serialize(InputStreamParams& aParams, FileDescriptorArray&
  rv = Available(&remaining);
  MOZ_ASSERT(NS_SUCCEEDED(rv));

-  combined.SetCapacity(remaining);
+  auto handle = combined.BulkWrite(remaining, 0, false, rv);
+  MOZ_ASSERT(NS_SUCCEEDED(rv));
+
  uint32_t numRead = 0;

-  rv = Read(combined.BeginWriting(), remaining, &numRead);
+  rv = Read(handle.Elements(), remaining, &numRead);
  MOZ_ASSERT(NS_SUCCEEDED(rv));
  MOZ_ASSERT(numRead == remaining);
-  combined.SetLength(numRead);
+  handle.Finish(numRead, false);

  rv = Seek(NS_SEEK_SET, offset);
  MOZ_ASSERT(NS_SUCCEEDED(rv));