Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(2393)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: runtime/platform/json.cc

Issue 10800024: Fix Dart_GetClassInfo (Closed) Base URL: http://dart.googlecode.com/svn/branches/bleeding_edge/dart/
Patch Set: Created 8 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | runtime/vm/debugger_api_impl.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: runtime/platform/json.cc
===================================================================
--- runtime/platform/json.cc (revision 9751)
+++ runtime/platform/json.cc (working copy)
@@ -362,7 +362,6 @@
static const uint32_t kMaxFourByteChar = 0x10FFFF;
static const uint32_t kMask = ~(1 << 6);
- EnsureCapacity(sizeof(ch));
if (ch <= kMaxOneByteChar) {
EnsureCapacity(1);
buf_[msg_len_++] = ch;
@@ -462,6 +461,10 @@
intptr_t remaining = buf_size_ - msg_len_;
if (remaining <= len) {
const int kBufferSpareCapacity = 64; // Somewhat arbitrary.
+ // TODO(turnidge): do we need to guard against overflow or other
+ // security issues here? Text buffers are used by the debugger
+ // to send user-controlled data (e.g. values of string variables) to
+ // the debugger front-end.
intptr_t new_size = buf_size_ + len + kBufferSpareCapacity;
char* new_buf = reinterpret_cast<char*>(realloc(buf_, new_size));
ASSERT(new_buf != NULL);
« no previous file with comments | « no previous file | runtime/vm/debugger_api_impl.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698