### Security Approval Request

* **How easily could an exploit be constructed based on the patch?**: We tried to not just make the `uint32_t` to `size_t` change but made some more refactoring, adding return value and checks also to `EncodeNumber`. Said that, it is quite clear that we handle with limits on copies into memory buffers here, the hope would be that people hunt for the wrong limit.
* **Do comments in the patch, the check-in comment, or tests included in the patch paint a bulls-eye on the security problem?**: No
* **Which older supported branches are affected by this flaw?**: none
* **If not all supported branches, which bug introduced the flaw?**: Bug 1774462
* **Do you have backports for the affected branches?**: No
* **If not, how different, hard to create, and risky will they be?**: Not needed, AFAICS.
* **How likely is this patch to cause regressions; how much testing does it need?**: Not very likely. The main change is to use `size_t` where appropriate. The additional check in `ENcodeNumber` should be hit only in very rare cases (but is needed).
* **Is Android affected?**: Unknown
Bug 1813284 Comment 10 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
### Security Approval Request

* **How easily could an exploit be constructed based on the patch?**: We tried to not just make the `uint32_t` to `size_t` change but made some more refactoring, adding return value and checks also to `EncodeNumber`. Said that, it is quite clear that we handle with limits on copies into memory buffers here, the hope would be that people hunt for the wrong limit.
* **Do comments in the patch, the check-in comment, or tests included in the patch paint a bulls-eye on the security problem?**: No
* **Which older supported branches are affected by this flaw?**: none
* **If not all supported branches, which bug introduced the flaw?**: Bug 1774462
* **Do you have backports for the affected branches?**: No
* **If not, how different, hard to create, and risky will they be?**: Not needed, AFAICS.
* **How likely is this patch to cause regressions; how much testing does it need?**: Not very likely. The main change is to use `size_t` where appropriate. The additional check in `EncodeNumber` should be hit only in very rare cases (but is needed).
* **Is Android affected?**: Unknown