From 717be395fda0a4fb9d83afb772a45c5f5fdb5271 Mon Sep 17 00:00:00 2001 From: Gaming4JC Date: Mon, 2 Dec 2019 22:13:37 -0500 Subject: Bug 1509685 - Add more bounds checking in nsMsgDBView::UpdateDisplayMessage() to avoid crashes Tag #1311 --- mailnews/base/src/nsMsgDBView.cpp | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'mailnews') diff --git a/mailnews/base/src/nsMsgDBView.cpp b/mailnews/base/src/nsMsgDBView.cpp index 6793ba95a..5b82390c0 100644 --- a/mailnews/base/src/nsMsgDBView.cpp +++ b/mailnews/base/src/nsMsgDBView.cpp @@ -1136,6 +1136,8 @@ nsresult nsMsgDBView::UpdateDisplayMessage(nsMsgViewIndex viewPosition) NS_ENSURE_SUCCESS(rv,rv); nsString subject; + if (viewPosition >= (nsMsgViewIndex)m_flags.Length()) + return NS_MSG_INVALID_DBVIEW_INDEX; FetchSubject(msgHdr, m_flags[viewPosition], subject); nsCString keywords; @@ -1148,6 +1150,8 @@ nsresult nsMsgDBView::UpdateDisplayMessage(nsMsgViewIndex viewPosition) if (folder) { + if (viewPosition >= (nsMsgViewIndex)m_keys.Length()) + return NS_MSG_INVALID_DBVIEW_INDEX; rv = folder->SetLastMessageLoaded(m_keys[viewPosition]); NS_ENSURE_SUCCESS(rv,rv); } @@ -1175,6 +1179,8 @@ NS_IMETHODIMP nsMsgDBView::LoadMessageByViewIndex(nsMsgViewIndex aViewIndex) nsCOMPtr messenger (do_QueryReferent(mMessengerWeak)); NS_ENSURE_TRUE(messenger, NS_ERROR_FAILURE); messenger->OpenURL(uri); + if (aViewIndex >= (nsMsgViewIndex)m_keys.Length()) + return NS_MSG_INVALID_DBVIEW_INDEX; m_currentlyDisplayedMsgKey = m_keys[aViewIndex]; m_currentlyDisplayedMsgUri = uri; m_currentlyDisplayedViewIndex = aViewIndex; -- cgit v1.2.3