Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2025-03-03 15:26:07 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

bug 164695 prevent heap overrun if jar manifest file has size -1 (corrupt/malicious archive). Also fixes unrelated potential memory leak. r=mstoltz, sr=darin, a=roc

Browse Source
This commit is contained in:
dveditz%netscape.com 2002-10-31 06:23:52 +00:00
parent 3d5579582f
commit e37635e2c0
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
modules/libjar/nsJAR.cpp
View File

@ -424,13 +424,18 @@ nsJAR::LoadEntry(const char* aFilename, char** aBuf, PRUint32* aBufLen)
PRUint32 len;
rv = manifestStream->Available(&len);
if (NS_FAILED(rv)) return rv;
if (len == PRUint32(-1))
return NS_ERROR_FILE_CORRUPTED; // bug 164695
buf = (char*)PR_MALLOC(len+1);
if (!buf) return NS_ERROR_OUT_OF_MEMORY;
PRUint32 bytesRead;
rv = manifestStream->Read(buf, len, &bytesRead);
if (bytesRead != len)
rv = NS_ERROR_FILE_CORRUPTED;
if (NS_FAILED(rv)) return rv;
if (NS_FAILED(rv)) {
PR_FREEIF(buf);
return rv;
}
buf[len] = '\0'; //Null-terminate the buffer
*aBuf = buf;
if (aBufLen)