summaryrefslogtreecommitdiffstats
path: root/security/nss/lib/dbm/src/h_page.c
diff options
context:
space:
mode:
authorjanekptacijarabaci <janekptacijarabaci@seznam.cz>2018-04-29 09:07:42 +0200
committerjanekptacijarabaci <janekptacijarabaci@seznam.cz>2018-04-29 09:07:42 +0200
commitaff03b0a67c41cf7af5df9c9eef715a8b27a2667 (patch)
treeaa2909ae4718f81c83c8cfb68c1f5a23485b3173 /security/nss/lib/dbm/src/h_page.c
parentbdb4ff581677ad1cd411b55a68c87534f9a64882 (diff)
parent11caf6ecb3cb8c84d2355a6c6e9580a290147e92 (diff)
downloadUXP-aff03b0a67c41cf7af5df9c9eef715a8b27a2667.tar
UXP-aff03b0a67c41cf7af5df9c9eef715a8b27a2667.tar.gz
UXP-aff03b0a67c41cf7af5df9c9eef715a8b27a2667.tar.lz
UXP-aff03b0a67c41cf7af5df9c9eef715a8b27a2667.tar.xz
UXP-aff03b0a67c41cf7af5df9c9eef715a8b27a2667.zip
Merge branch 'master' of https://github.com/MoonchildProductions/UXP into js_dom_performance-resource-timing_1
Diffstat (limited to 'security/nss/lib/dbm/src/h_page.c')
-rw-r--r--security/nss/lib/dbm/src/h_page.c15
1 files changed, 0 insertions, 15 deletions
diff --git a/security/nss/lib/dbm/src/h_page.c b/security/nss/lib/dbm/src/h_page.c
index e5623224b..bf1252aeb 100644
--- a/security/nss/lib/dbm/src/h_page.c
+++ b/security/nss/lib/dbm/src/h_page.c
@@ -426,9 +426,6 @@ ugly_split(HTAB *hashp, uint32 obucket, BUFHEAD *old_bufp,
last_bfp = NULL;
scopyto = (uint16)copyto; /* ANSI */
- if (ino[0] < 1) {
- return DATABASE_CORRUPTED_ERROR;
- }
n = ino[0] - 1;
while (n < ino[0]) {
@@ -466,13 +463,7 @@ ugly_split(HTAB *hashp, uint32 obucket, BUFHEAD *old_bufp,
* Fix up the old page -- the extra 2 are the fields
* which contained the overflow information.
*/
- if (ino[0] < (moved + 2)) {
- return DATABASE_CORRUPTED_ERROR;
- }
ino[0] -= (moved + 2);
- if (scopyto < sizeof(uint16) * (ino[0] + 3)) {
- return DATABASE_CORRUPTED_ERROR;
- }
FREESPACE(ino) =
scopyto - sizeof(uint16) * (ino[0] + 3);
OFFSET(ino) = scopyto;
@@ -495,14 +486,8 @@ ugly_split(HTAB *hashp, uint32 obucket, BUFHEAD *old_bufp,
for (n = 1; (n < ino[0]) && (ino[n + 1] >= REAL_KEY); n += 2) {
cino = (char *)ino;
key.data = (uint8 *)cino + ino[n];
- if (off < ino[n]) {
- return DATABASE_CORRUPTED_ERROR;
- }
key.size = off - ino[n];
val.data = (uint8 *)cino + ino[n + 1];
- if (ino[n] < ino[n + 1]) {
- return DATABASE_CORRUPTED_ERROR;
- }
val.size = ino[n] - ino[n + 1];
off = ino[n + 1];