Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-12-14 02:31:59 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix for possible memory overrun - Bug #:20564 - r: jefft

Browse Source
This commit is contained in:
rhp%netscape.com 1999-12-09 01:11:52 +00:00
parent 28b4d9acdd
commit b2596d9e1a
2 changed files with 7 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
mailnews/mime/src/mimetpfl.cpp
View File

@ -251,18 +251,14 @@ MimeInlineTextPlainFlowed_parse_line (char *line, PRInt32 length, MimeObject *ob
status = MimeObject_grow_obuffer (obj, buffersizeneeded);
if (status < 0) return status;
char *templine = (char *)PR_MALLOC(buffersizeneeded);
char *templine = (char *)PR_CALLOC(buffersizeneeded);
if(!templine)
return MIME_OUT_OF_MEMORY;
nsCRT::memset(templine, 0, buffersizeneeded);
/* Copy `line' to `templine', quoting HTML along the way.
Note: this function does no charset conversion; that has already
been done.
*/
templine[0] = '\0';
// *obj->obuffer = 0;
// Copy `line' to `templine', quoting HTML along the way.
// Note: this function does no charset conversion; that has already
// been done.
//
uint32 linequotelevel = 0;
char *linep = line;
// Space stuffed?
@ -295,7 +291,7 @@ MimeInlineTextPlainFlowed_parse_line (char *line, PRInt32 length, MimeObject *ob
return -1;
//XXX I18N Converting char* to PRUnichar*
nsString strline(linep);
nsString strline(linep, (length - (linep - line)) );
PRUnichar* wresult;
rv = conv->ScanTXT(strline.GetUnicode(),

2
mailnews/mime/src/mimetpla.cpp
View File

@ -164,7 +164,7 @@ MimeInlineTextPlain_parse_line (char *line, PRInt32 length, MimeObject *obj)
if (NS_FAILED(rv))
return -1;
nsString strline(line);
nsString strline(line, length);
PRUnichar* wresult;
rv = conv->ScanTXT(strline.GetUnicode(),