Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(345)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: patches/nss-appendava-invalid-read.patch

Issue 15067014: Fix the invalid read (heap-buffer-overflow) error in AppendAVA(). (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/
Patch Set: Sync Created 7 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « nss/lib/certdb/alg1485.c ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 Index: lib/certdb/alg1485.c
2 ===================================================================
3 --- lib/certdb/alg1485.c (revision 199075)
4 +++ lib/certdb/alg1485.c (working copy)
5 @@ -1036,8 +1036,10 @@
6 } else {
7 /* must truncate the escaped and quoted value */
8 char bigTmpBuf[TMPBUF_LEN * 3 + 3];
9 + PORT_Assert(valueLen < sizeof tmpBuf);
10 rv = escapeAndQuote(bigTmpBuf, sizeof bigTmpBuf,
11 - (char *)avaValue->data, valueLen, &mode);
12 + (char *)avaValue->data,
13 + PR_MIN(avaValue->len, valueLen), &mode);
14
15 bigTmpBuf[valueLen--] = '\0'; /* hard stop here */
16 /* See if we're in the middle of a multi-byte UTF8 character */
OLDNEW
« no previous file with comments | « nss/lib/certdb/alg1485.c ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698