author | Steve Fink <sfink@mozilla.com> | 2022-01-13 09:36:11 +0000 |
---|---|---|
committer | Moonchild <moonchild@palemoon.org> | 2022-04-08 15:00:02 +0200 |
commit | e6a9d13e646260f7c895779dc79a9196aa333a18 (patch) | |
tree | f8b8ad4bf5a488cf4f447012ce4e8dbca6956a67 /js/src | |
parent | 8832bfb62f5cd54ef458480b556481524fcd981c (diff) | |
[js] Add dynamic check for valid serialized length
Diffstat (limited to 'js/src')
-rw-r--r-- | js/src/vm/StructuredClone.cpp | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/js/src/vm/StructuredClone.cpp b/js/src/vm/StructuredClone.cpp
index 6c082d6065..9cd4f1e072 100644
--- a/js/src/vm/StructuredClone.cpp
+++ b/js/src/vm/StructuredClone.cpp
@@ -545,6 +545,11 @@ ReadStructuredClone(JSContext* cx, JSStructuredCloneData& data,
 JS::StructuredCloneScope scope, MutableHandleValue vp,
 const JSStructuredCloneCallbacks* cb, void* cbClosure)
 {
+ if (data.Size() % 8) {
+ JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr,
+ JSMSG_SC_BAD_SERIALIZED_DATA, "misaligned");
+ return false;
+ }
 SCInput in(cx, data);
 JSStructuredCloneReader r(in, scope, cb, cbClosure);
 return r.read(vp); |
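Review bot: The new guard at the top of ReadStructuredClone uses a bare `8` and carries no comment saying why a length that is not a multiple of 8 must be rejected, so the link to the reader's word size is left for the next maintainer to rediscover. I would write the condition as `if (data.Size() % sizeof(uint64_t) != 0) {` and put a comment above it such as `// Serialized data is consumed in 64-bit words; a partial trailing word means the buffer is truncated or corrupt.` The check sits only in this entry point, so any other path that builds an SCInput from caller-supplied data would presumably still accept an odd length; that cannot be confirmed from this hunk, but placing or repeating the check where the buffer is first walked would cover it. The function's closing brace lies outside the hunk.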