diff options
| author | Ben Murdoch <benm@google.com> | 2010-10-21 11:46:18 -0700 |
|---|---|---|
| committer | Android Git Automerger <android-git-automerger@android.com> | 2010-10-21 11:46:18 -0700 |
| commit | 219c89f043c10eba31fc94db69a8136bbc115d1d (patch) | |
| tree | f1fb03a9622f0d171bc3c5d2ac20896e87c46ae5 /WebCore | |
| parent | 122a6b03f21c5ec726d905d08531bdb8f1c7a376 (diff) | |
| parent | 3017f37b06cfa16f11a1e986e3c4ecc0c4757c32 (diff) | |
| download | external_webkit-219c89f043c10eba31fc94db69a8136bbc115d1d.zip external_webkit-219c89f043c10eba31fc94db69a8136bbc115d1d.tar.gz external_webkit-219c89f043c10eba31fc94db69a8136bbc115d1d.tar.bz2 | |
am 3017f37b: Cherry-pick WebKit security fix (webkit.org r68705) Do not merge
Merge commit '3017f37b06cfa16f11a1e986e3c4ecc0c4757c32' into gingerbread-plus-aosp
* commit '3017f37b06cfa16f11a1e986e3c4ecc0c4757c32':
Cherry-pick WebKit security fix (webkit.org r68705) Do not merge
Diffstat (limited to 'WebCore')
| -rw-r--r-- | WebCore/dom/Text.cpp | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/WebCore/dom/Text.cpp b/WebCore/dom/Text.cpp index 229fa88..cbf5aa7 100644 --- a/WebCore/dom/Text.cpp +++ b/WebCore/dom/Text.cpp @@ -128,6 +128,8 @@ String Text::wholeText() const continue; const Text* t = static_cast<const Text*>(n); const String& data = t->data(); + if (std::numeric_limits<unsigned>::max() - data.length() < resultLength) + CRASH(); resultLength += data.length(); } UChar* resultData; |