зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1299686 - Fix crash in nsScriptLoader.cpp. r=smaug
--HG-- extra : rebase_source : 9ba5328cd6d907dec2a4c95b5d557cad0317e44e
This commit is contained in:
Родитель
e4e57ddb6e
Коммит
0563a867cb
|
@ -2893,8 +2893,11 @@ nsScriptLoadHandler::TryDecodeRawData(const uint8_t* aData,
|
|||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
uint32_t haveRead = mBuffer.length();
|
||||
uint32_t capacity = haveRead + dstLen;
|
||||
if (!mBuffer.reserve(capacity)) {
|
||||
|
||||
CheckedInt<uint32_t> capacity = haveRead;
|
||||
capacity += dstLen;
|
||||
|
||||
if (!capacity.isValid() || !mBuffer.reserve(capacity.value())) {
|
||||
return NS_ERROR_OUT_OF_MEMORY;
|
||||
}
|
||||
|
||||
|
@ -2906,7 +2909,7 @@ nsScriptLoadHandler::TryDecodeRawData(const uint8_t* aData,
|
|||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
haveRead += dstLen;
|
||||
MOZ_ASSERT(haveRead <= capacity, "mDecoder produced more data than expected");
|
||||
MOZ_ASSERT(haveRead <= capacity.value(), "mDecoder produced more data than expected");
|
||||
MOZ_ALWAYS_TRUE(mBuffer.resizeUninitialized(haveRead));
|
||||
|
||||
return NS_OK;
|
||||
|
|
Загрузка…
Ссылка в новой задаче