wine/gecko
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-gecko.git synced 2024-09-13 09:24:08 -07:00
Code Issues Packages Projects Releases Wiki Activity

Fix for bug 554255 (Limit resource use to something sane). r=sicking, sr=jst.

Browse Source
This commit is contained in:
Peter Van der Beken 2010-04-09 18:59:09 +02:00
parent 0578abb1ad
commit 2bcc2547ea
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
content/xslt/src/xslt/txNodeSorter.cpp
View File

@ -178,7 +178,15 @@ txNodeSorter::sortNodeSet(txNodeSet* aNodes, txExecutionState* aEs,
// Create and set up memoryblock for sort-values and indexarray
PRUint32 len = static_cast<PRUint32>(aNodes->size());
void* mem = PR_Malloc(len * (sizeof(PRUint32) + mNKeys * sizeof(TxObject*)));
// Limit resource use to something sane.
PRUint32 itemSize = sizeof(PRUint32) + mNKeys * sizeof(TxObject*);
if (mNKeys > (PR_UINT32_MAX - sizeof(PRUint32)) / sizeof(TxObject*) ||
len >= PR_UINT32_MAX / itemSize) {
return NS_ERROR_OUT_OF_MEMORY;
}
void* mem = PR_Malloc(len * itemSize);
NS_ENSURE_TRUE(mem, NS_ERROR_OUT_OF_MEMORY);
PRUint32* indexes = static_cast<PRUint32*>(mem);