From 271f1ef600c06a74471665a040c9473d9f7a9a36 Mon Sep 17 00:00:00 2001 From: Valentin Gosu Date: Tue, 5 Jun 2018 16:37:34 +0200 Subject: Sanity-check in nsStandardURL::Deserialize(). r=mayhemer, a=RyanVM Also add test for faulty nsStandardURL deserialization. See Bug 1392739. --- netwerk/base/nsStandardURL.cpp | 4 +++- netwerk/test/gtest/TestStandardURL.cpp | 16 ++++++++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/netwerk/base/nsStandardURL.cpp b/netwerk/base/nsStandardURL.cpp index e2a290e4d..dff4ecbc0 100644 --- a/netwerk/base/nsStandardURL.cpp +++ b/netwerk/base/nsStandardURL.cpp @@ -3455,8 +3455,10 @@ FromIPCSegment(const nsACString& aSpec, const ipc::StandardURLSegment& aSegment, return false; } + CheckedInt segmentLen = aSegment.position(); + segmentLen += aSegment.length(); // Make sure the segment does not extend beyond the spec. - if (NS_WARN_IF(aSegment.position() + aSegment.length() > aSpec.Length())) { + if (NS_WARN_IF(!segmentLen.isValid() || segmentLen.value() > aSpec.Length())) { return false; } diff --git a/netwerk/test/gtest/TestStandardURL.cpp b/netwerk/test/gtest/TestStandardURL.cpp index ccab556a9..a013f351c 100644 --- a/netwerk/test/gtest/TestStandardURL.cpp +++ b/netwerk/test/gtest/TestStandardURL.cpp @@ -4,8 +4,11 @@ #include "nsCOMPtr.h" #include "nsNetCID.h" #include "nsIURL.h" +#include "nsIStandardURL.h" #include "nsString.h" #include "nsComponentManagerUtils.h" +#include "nsIIPCSerializableURI.h" +#include "mozilla/ipc/URIUtils.h" TEST(TestStandardURL, Simple) { nsCOMPtr url( do_CreateInstance(NS_STANDARDURL_CONTRACTID) ); @@ -67,3 +70,16 @@ MOZ_GTEST_BENCH(TestStandardURL, Perf, [] { url->GetRef(out); } }); + +TEST(TestStandardURL, Deserialize_Bug1392739) +{ + mozilla::ipc::StandardURLParams standard_params; + standard_params.urlType() = nsIStandardURL::URLTYPE_STANDARD; + standard_params.spec() = NS_LITERAL_CSTRING(""); + standard_params.host() = mozilla::ipc::StandardURLSegment(4294967295, 1); + + mozilla::ipc::URIParams params(standard_params); + + nsCOMPtr url = do_CreateInstance(NS_STANDARDURL_CID); + ASSERT_EQ(url->Deserialize(params), false); +} -- cgit v1.2.3