diff options
author | janekptacijarabaci <janekptacijarabaci@seznam.cz> | 2018-04-29 09:07:42 +0200 |
---|---|---|
committer | janekptacijarabaci <janekptacijarabaci@seznam.cz> | 2018-04-29 09:07:42 +0200 |
commit | aff03b0a67c41cf7af5df9c9eef715a8b27a2667 (patch) | |
tree | aa2909ae4718f81c83c8cfb68c1f5a23485b3173 /security/nss/lib/dbm/src | |
parent | bdb4ff581677ad1cd411b55a68c87534f9a64882 (diff) | |
parent | 11caf6ecb3cb8c84d2355a6c6e9580a290147e92 (diff) | |
download | UXP-aff03b0a67c41cf7af5df9c9eef715a8b27a2667.tar UXP-aff03b0a67c41cf7af5df9c9eef715a8b27a2667.tar.gz UXP-aff03b0a67c41cf7af5df9c9eef715a8b27a2667.tar.lz UXP-aff03b0a67c41cf7af5df9c9eef715a8b27a2667.tar.xz UXP-aff03b0a67c41cf7af5df9c9eef715a8b27a2667.zip |
Merge branch 'master' of https://github.com/MoonchildProductions/UXP into js_dom_performance-resource-timing_1
Diffstat (limited to 'security/nss/lib/dbm/src')
-rw-r--r-- | security/nss/lib/dbm/src/h_page.c | 15 | ||||
-rw-r--r-- | security/nss/lib/dbm/src/hash.c | 3 |
2 files changed, 2 insertions, 16 deletions
diff --git a/security/nss/lib/dbm/src/h_page.c b/security/nss/lib/dbm/src/h_page.c index e5623224b..bf1252aeb 100644 --- a/security/nss/lib/dbm/src/h_page.c +++ b/security/nss/lib/dbm/src/h_page.c @@ -426,9 +426,6 @@ ugly_split(HTAB *hashp, uint32 obucket, BUFHEAD *old_bufp, last_bfp = NULL; scopyto = (uint16)copyto; /* ANSI */ - if (ino[0] < 1) { - return DATABASE_CORRUPTED_ERROR; - } n = ino[0] - 1; while (n < ino[0]) { @@ -466,13 +463,7 @@ ugly_split(HTAB *hashp, uint32 obucket, BUFHEAD *old_bufp, * Fix up the old page -- the extra 2 are the fields * which contained the overflow information. */ - if (ino[0] < (moved + 2)) { - return DATABASE_CORRUPTED_ERROR; - } ino[0] -= (moved + 2); - if (scopyto < sizeof(uint16) * (ino[0] + 3)) { - return DATABASE_CORRUPTED_ERROR; - } FREESPACE(ino) = scopyto - sizeof(uint16) * (ino[0] + 3); OFFSET(ino) = scopyto; @@ -495,14 +486,8 @@ ugly_split(HTAB *hashp, uint32 obucket, BUFHEAD *old_bufp, for (n = 1; (n < ino[0]) && (ino[n + 1] >= REAL_KEY); n += 2) { cino = (char *)ino; key.data = (uint8 *)cino + ino[n]; - if (off < ino[n]) { - return DATABASE_CORRUPTED_ERROR; - } key.size = off - ino[n]; val.data = (uint8 *)cino + ino[n + 1]; - if (ino[n] < ino[n + 1]) { - return DATABASE_CORRUPTED_ERROR; - } val.size = ino[n] - ino[n + 1]; off = ino[n + 1]; diff --git a/security/nss/lib/dbm/src/hash.c b/security/nss/lib/dbm/src/hash.c index 98b1c07c7..b80aad4d3 100644 --- a/security/nss/lib/dbm/src/hash.c +++ b/security/nss/lib/dbm/src/hash.c @@ -704,7 +704,8 @@ hash_put( return (DBM_ERROR); } - rv = hash_access(hashp, flag == R_NOOVERWRITE ? HASH_PUTNEW : HASH_PUT, + rv = hash_access(hashp, flag == R_NOOVERWRITE ? HASH_PUTNEW + : HASH_PUT, (DBT *)key, (DBT *)data); if (rv == DATABASE_CORRUPTED_ERROR) { |