patches/nss-rc4-invalid-read.patch - Issue 14982004: Add the patch for https://codereview.chromium.org/15027002/.

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: patches/nss-rc4-invalid-read.patch

Issue 14982004: Add the patch for https://codereview.chromium.org/15027002/. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/

Patch Set: Created 7 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
(Empty)
	1 Index: nss/lib/freebl/arcfour.c

	2 ===================================================================

	3 --- nss/lib/freebl/arcfour.c (revision 197511)

	4 +++ nss/lib/freebl/arcfour.c (working copy)

	5 @@ -372,7 +372,6 @@

	6 register Stype tmpSi, tmpSj;

	7 register PRUint8 tmpi = cx->i;

	8 register PRUint8 tmpj = cx->j;

	9 - unsigned int byteCount;

	10 unsigned int bufShift, invBufShift;

	11 unsigned int i;

	12 const unsigned char *finalIn;

	13 @@ -390,7 +389,7 @@

	14 *outputLen = inputLen;

	15 pInWord = (const WORD *)(input - inOffset);

	16 pOutWord = (WORD *)(output - outOffset);

	17 - if (inOffset < outOffset) {

	18 + if (inOffset <= outOffset) {

	19 bufShift = 8*(outOffset - inOffset);

	20 invBufShift = 8*WORDSIZE - bufShift;

	21 } else {

	22 @@ -406,7 +405,7 @@

	23 /* least one partial word of input should ALWAYS be loaded. */

	24 /*****************************************************************/

	25 if (outOffset) {

	26 - byteCount = WORDSIZE - outOffset;

	27 + unsigned int byteCount = WORDSIZE - outOffset;

	28 for (i = 0; i < byteCount; i++) {

	29 ARCFOUR_NEXT_BYTE();

	30 output[i] = cx->S[t] ^ input[i];

	31 @@ -466,10 +465,6 @@

	32 inWord = 0;

	33 }

	34 }

	35 - /* Output buffer is aligned, inOffset is now measured relative to

	36 - * outOffset (and not a word boundary).

	37 - */

	38 - inOffset = (inOffset + WORDSIZE - outOffset) % WORDSIZE;

	39 /*****************************************************************/

	40 /* Step 2: main loop */

	41 /* At this point the output buffer is word-aligned. Any unused */

	42 @@ -477,8 +472,13 @@

	43 /* the input buffer is unaligned relative to the output buffer, */

	44 /* shifting has to be done. */

	45 /*****************************************************************/

	46 - if (inOffset) {

	47 - for (; inputLen >= WORDSIZE; inputLen -= WORDSIZE) {

	48 + if (bufShift) {

	49 + /* preloadedByteCount is the number of input bytes pre-loaded

	50 + * in inWord.

	51 + */

	52 + unsigned int preloadedByteCount = bufShift/8;

	53 + for (; inputLen >= preloadedByteCount + WORDSIZE;

	54 + inputLen -= WORDSIZE) {

	55 nextInWord = *pInWord++;

	56 inWord \|= nextInWord RSH bufShift;

	57 nextInWord = nextInWord LSH invBufShift;

	58 @@ -492,7 +492,7 @@

	59 cx->j = tmpj;

	60 return SECSuccess;

	61 }

	62 - finalIn = (const unsigned char *)pInWord - WORDSIZE + inOffset;

	63 + finalIn = (const unsigned char *)pInWord - preloadedByteCount;

	64 } else {

	65 for (; inputLen >= WORDSIZE; inputLen -= WORDSIZE) {

	66 inWord = *pInWord++;

OLD	NEW

« no previous file with comments | « README.chromium ('k') | no next file » | no next file with comments »