From f7e8936e78e7b6c4e0303a01291724b7c66c206a Mon Sep 17 00:00:00 2001
From: Jason Duell <jduell.mcbugs@gmail.com>
Date: Fri, 11 May 2012 02:05:00 -0700
Subject: [PATCH] Bug 742614: Allocation of string is not checked in WebSockets
 text frame parsing. r=bsmith

---
 netwerk/protocol/websocket/WebSocketChannel.cpp | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/netwerk/protocol/websocket/WebSocketChannel.cpp b/netwerk/protocol/websocket/WebSocketChannel.cpp
index 9caed53fdc0..adc75811419 100644
--- a/netwerk/protocol/websocket/WebSocketChannel.cpp
+++ b/netwerk/protocol/websocket/WebSocketChannel.cpp
@@ -1050,7 +1050,10 @@ WebSocketChannel::ProcessInput(PRUint8 *buffer, PRUint32 count)
     } else if (opcode == kText) {
       LOG(("WebSocketChannel:: text frame received\n"));
       if (mListener) {
-        nsCString utf8Data((const char *)payload, payloadLength);
+        nsCString utf8Data;
+        if (!utf8Data.Assign((const char *)payload, payloadLength,
+                             mozilla::fallible_t()))
+          return NS_ERROR_OUT_OF_MEMORY;
 
         // Section 8.1 says to fail connection if invalid utf-8 in text message
         if (!IsUTF8(utf8Data, false)) {