author | Valentin Gosu <valentin.gosu@gmail.com> | 2018-06-05 16:37:34 +0200 |
---|---|---|
committer | wolfbeast <mcwerewolf@gmail.com> | 2018-06-07 15:58:59 +0200 |
commit | 271f1ef600c06a74471665a040c9473d9f7a9a36 (patch) | |
tree | 2d6b969e3e6ebe7537b6c2a83d2a33ae35a128a8 | |
parent | fa47c8d42743bc39e8501c4652d228cb8023597c (diff) | |
Sanity-check in nsStandardURL::Deserialize(). r=mayhemer, a=RyanVM
Also add test for faulty nsStandardURL deserialization.
See Bug 1392739.
-rw-r--r-- | netwerk/base/nsStandardURL.cpp | 4 | ||||
-rw-r--r-- | netwerk/test/gtest/TestStandardURL.cpp | 16 |
2 files changed, 19 insertions, 1 deletions
diff --git a/netwerk/base/nsStandardURL.cpp b/netwerk/base/nsStandardURL.cpp
index e2a290e4dc..dff4ecbc03 100644
--- a/netwerk/base/nsStandardURL.cpp
+++ b/netwerk/base/nsStandardURL.cpp
@@ -3455,8 +3455,10 @@ FromIPCSegment(const nsACString& aSpec, const ipc::StandardURLSegment& aSegment,
 return false;
 }
+ CheckedInt<uint32_t> segmentLen = aSegment.position();
+ segmentLen += aSegment.length();
 // Make sure the segment does not extend beyond the spec.
- if (NS_WARN_IF(aSegment.position() + aSegment.length() > aSpec.Length())) {
+ if (NS_WARN_IF(!segmentLen.isValid() || segmentLen.value() > aSpec.Length())) {
 return false;
 }
diff --git a/netwerk/test/gtest/TestStandardURL.cpp b/netwerk/test/gtest/TestStandardURL.cpp
index ccab556a96..a013f351cf 100644
--- a/netwerk/test/gtest/TestStandardURL.cpp
+++ b/netwerk/test/gtest/TestStandardURL.cpp
@@ -4,8 +4,11 @@
 #include "nsCOMPtr.h"
 #include "nsNetCID.h"
 #include "nsIURL.h"
+#include "nsIStandardURL.h"
 #include "nsString.h"
 #include "nsComponentManagerUtils.h"
+#include "nsIIPCSerializableURI.h"
+#include "mozilla/ipc/URIUtils.h"
 TEST(TestStandardURL, Simple) {
 nsCOMPtr<nsIURL> url( do_CreateInstance(NS_STANDARDURL_CONTRACTID) );
@@ -67,3 +70,16 @@ MOZ_GTEST_BENCH(TestStandardURL, Perf, [] {
 url->GetRef(out);
 }
 });
+
+TEST(TestStandardURL, Deserialize_Bug1392739)
+{
+ mozilla::ipc::StandardURLParams standard_params;
+ standard_params.urlType() = nsIStandardURL::URLTYPE_STANDARD;
+ standard_params.spec() = NS_LITERAL_CSTRING("");
+ standard_params.host() = mozilla::ipc::StandardURLSegment(4294967295, 1);
+
+ mozilla::ipc::URIParams params(standard_params);
+
+ nsCOMPtr<nsIIPCSerializableURI> url = do_CreateInstance(NS_STANDARDURL_CID);
+ ASSERT_EQ(url->Deserialize(params), false);
+} |
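Review bot: In the FromIPCSegment hunk, the existing comment `// Make sure the segment does not extend beyond the spec.` now sits between the checked sum and the test that uses it, and nothing explains why the sum is a `CheckedInt`. I would move it above the two added lines and state the reason, e.g. `// Segment values arrive over IPC and are untrusted; sum them with checked arithmetic so position + length cannot wrap and slip past the bounds check.` The hunk adds no `#include "mozilla/CheckedInt.h"`; if the file does not already include it directly, it should, rather than depend on a transitive include. FromIPCSegment begins and ends outside the hunk, so the earlier validation of the segment is not visible here.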
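Review bot: In the new `Deserialize_Bug1392739` test, `url` is dereferenced without checking that `do_CreateInstance(NS_STANDARDURL_CID)` succeeded, so a failed instantiation would crash the test binary instead of reporting a failure; add `ASSERT_TRUE(url);` before the `Deserialize` call. `ASSERT_FALSE(url->Deserialize(params));` states the expectation more directly than `ASSERT_EQ(..., false)`. The literal `4294967295` would be clearer as `UINT32_MAX` with a short comment such as `// position + length wraps to 0 in 32-bit unsigned arithmetic, which the old bounds check accepted for an empty spec`, so the regression being pinned is obvious to the next reader.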