From 5df47986a3b1e6e0776f72b9766e66338b9ff661 Mon Sep 17 00:00:00 2001
From: "timeless%mozdev.org"
Date: Wed, 3 Aug 2005 17:56:43 +0000
Subject: [PATCH] Bug 303213 integer overflow in js patch by brendan r=mrbkap a=brendan
---
 js/src/jsstr.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/js/src/jsstr.c b/js/src/jsstr.c
index d7411b196a1f..d11455358351 100644
--- a/js/src/jsstr.c
+++ b/js/src/jsstr.c
@@ -363,6 +363,11 @@ js_str_escape(JSContext *cx, JSObject *obj, uintN argc, jsval *argv, jsval *rval
 }
 }
 
+ if (newlength >= ~(size_t)0 / sizeof(jschar)) {
+ JS_ReportOutOfMemory(cx);
+ return JS_FALSE;
+ }
+
 newchars = (jschar *) JS_malloc(cx, (newlength + 1) * sizeof(jschar));
 if (!newchars)
 return JS_FALSE;
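Review bot: The added guard `if (newlength >= ~(size_t)0 / sizeof(jschar))` is the right bound for the `(newlength + 1) * sizeof(jschar)` computed two lines below, but nothing in the hunk says so; the expression reads as a magic constant and the out-of-memory report it raises is really a length-overflow rejection. I would comment it: `/* Reject lengths for which (newlength + 1) * sizeof(jschar) would wrap size_t, so JS_malloc below always sees the true byte count. */`. The guard only holds if newlength is itself a size_t — its declaration and the loop that accumulates it are above this hunk — since a narrower unsigned type would let `newlength + 1` wrap before the widening multiply on a 64-bit build; worth confirming against the declaration. js_str_escape's body starts and ends outside the hunk.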