Bug 1172189 - Fix overflow in nsXULContentSink.cpp. r=ehsan

This commit is contained in:
Andrea Marchesini 2015-06-12 10:06:19 -04:00
parent fa57b1cb74
commit 66ac2c8e93

View File

@ -1024,7 +1024,13 @@ XULContentSinkImpl::AddText(const char16_t* aText,
return rv; return rv;
} }
} else { } else {
mTextSize += aLength; CheckedInt32 size = mTextSize;
size += aLength;
if (!size.isValid()) {
return NS_ERROR_OUT_OF_MEMORY;
}
mTextSize = size.value();
mText = (char16_t *) realloc(mText, sizeof(char16_t) * mTextSize); mText = (char16_t *) realloc(mText, sizeof(char16_t) * mTextSize);
if (nullptr == mText) { if (nullptr == mText) {
return NS_ERROR_OUT_OF_MEMORY; return NS_ERROR_OUT_OF_MEMORY;