OSDN Git Service

(root) / android-x86 / external-webkit.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 06081e3) | patch
DO NOT MERGE Use unsigned length when reading data
authorRussell Brenner <russellbrenner@google.com>
Tue, 29 Nov 2011 23:34:08 +0000 (15:34 -0800)
committerRussell Brenner <russellbrenner@google.com>
Wed, 30 Nov 2011 20:05:20 +0000 (12:05 -0800)
commit1adc38d53cef911069a0d08a4049f5be6ea50a93
treeefe5ddd631dc88bd5e11f50a340bffb6e92f253ftree | snapshot
parent06081e3d5c78c73256b49c85d05e7c41d9e2b6f1commit | diff
DO NOT MERGE Use unsigned length when reading data

With a signed length, invalid negative sizes can bypass data limit
checks of the type:

        if (data + length < end)

With an unsigned length, absurdly large lengths will now trigger an
early exit instead of following through into the decoding routine
with a bad length.

Bug: 5143832
Change-Id: I8e4a8d357ee04a36e35ab47d538ce57088734ccf
Source/WebKit/android/jni/WebHistory.cpp diff | blob | history
external/webkit
About OSDN
Find Software
Develop Software
Help