summaryrefslogtreecommitdiff
path: root/js/src
diff options
context:
space:
mode:
authorSteve Fink <sfink@mozilla.com>2022-01-13 09:36:11 +0000
committerMoonchild <moonchild@palemoon.org>2022-04-08 15:00:02 +0200
commite6a9d13e646260f7c895779dc79a9196aa333a18 (patch)
treef8b8ad4bf5a488cf4f447012ce4e8dbca6956a67 /js/src
parent8832bfb62f5cd54ef458480b556481524fcd981c (diff)
downloaduxp-e6a9d13e646260f7c895779dc79a9196aa333a18.tar.gz
[js] Add dynamic check for valid serialized length
Diffstat (limited to 'js/src')
-rw-r--r--js/src/vm/StructuredClone.cpp5
1 files changed, 5 insertions, 0 deletions
diff --git a/js/src/vm/StructuredClone.cpp b/js/src/vm/StructuredClone.cpp
index 6c082d6065..9cd4f1e072 100644
--- a/js/src/vm/StructuredClone.cpp
+++ b/js/src/vm/StructuredClone.cpp
@@ -545,6 +545,11 @@ ReadStructuredClone(JSContext* cx, JSStructuredCloneData& data,
JS::StructuredCloneScope scope, MutableHandleValue vp,
const JSStructuredCloneCallbacks* cb, void* cbClosure)
{
+ if (data.Size() % 8) {
+ JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr,
+ JSMSG_SC_BAD_SERIALIZED_DATA, "misaligned");
+ return false;
+ }
SCInput in(cx, data);
JSStructuredCloneReader r(in, scope, cb, cbClosure);
return r.read(vp);