wine/gecko
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-gecko.git synced 2024-09-13 09:24:08 -07:00
Code Issues Packages Projects Releases Wiki Activity

b=990794 crash on ovrfl in SharedBuffer::Create() r=roc

Browse Source 
--HG--
extra : transplant_source : %3F%C2%21%06%C0%A8Z%14%93%82%90%2CT%CE%3E%EC%C2%D0%E4W
This commit is contained in:
Karl Tomlinson 2014-04-03 21:12:29 +13:00
parent fa8d37ebe7
commit b3a94d7758
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
content/media/SharedBuffer.h
View File

@ -6,6 +6,7 @@
#ifndef MOZILLA_SHAREDBUFFER_H_
#define MOZILLA_SHAREDBUFFER_H_
#include "mozilla/CheckedInt.h"
#include "mozilla/mozalloc.h"
#include "nsCOMPtr.h"
#include "nsAutoPtr.h"
@ -39,7 +40,12 @@ public:
static already_AddRefed<SharedBuffer> Create(size_t aSize)
{
void* m = moz_xmalloc(sizeof(SharedBuffer) + aSize);
CheckedInt<size_t> size = sizeof(SharedBuffer);
size += aSize;
if (!size.isValid()) {
MOZ_CRASH();
}
void* m = moz_xmalloc(size.value());
nsRefPtr<SharedBuffer> p = new (m) SharedBuffer();
NS_ASSERTION((reinterpret_cast<char*>(p.get() + 1) - reinterpret_cast<char*>(p.get())) % 4 == 0,
"SharedBuffers should be at least 4-byte aligned");