Not exactly. That overflow was due to `StringBuilder::mLength` overflowing, which was indeed fixed (by turning it into an `CheckedInt`). The problem here is that various `len + extraSpaceNeeded` computations can overflow, as can the computations of `extraSpaceNeeded` itself. That's why this bug still exists in FF 122.0.
Bug 1880692 Comment 4 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
Not exactly. That overflow was due to `StringBuilder::mLength` overflowing, which was indeed fixed (by turning it into an `CheckedInt`). The problem here is that various `len + extraSpaceNeeded` computations can overflow, as can the computations of `extraSpaceNeeded` itself. That's why this bug still exists in FF 122.0, as opposed to getting fixed in ~66.0.
Not exactly. That overflow was due to `StringBuilder::mLength` overflowing, which was indeed fixed (by turning it into a `CheckedInt`). The problem here is that various `len + extraSpaceNeeded` computations can overflow, as can the computations of `extraSpaceNeeded` itself. That's why this bug still exists in FF 122.0, as opposed to getting fixed in ~66.0.
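The distinction drawn in the comment above, shown as an added example that is not part of the bug comment and is not Firefox code: guarding only a stored length does not cover a `len + extraSpaceNeeded` sum or the computation of `extraSpaceNeeded` itself. The function names, the helper functions and the `escapes * growth` shape of `extraSpaceNeeded` are assumptions made for illustration, and the hand-written helpers stand in for a checked-integer type.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>

// Hypothetical helpers for illustration; they stand in for a checked-integer type.
static bool checked_add(uint32_t a, uint32_t b, uint32_t* out) {
  if (a > std::numeric_limits<uint32_t>::max() - b) return false;  // sum would wrap
  *out = a + b;
  return true;
}

static bool checked_mul(uint32_t a, uint32_t b, uint32_t* out) {
  if (b != 0 && a > std::numeric_limits<uint32_t>::max() / b) return false;  // product would wrap
  *out = a * b;
  return true;
}

// Assumed shape: `escapes` characters each grow by `growth` code units.
// Unchecked: both the product and the sum silently wrap modulo 2^32,
// so the caller sees a "needed" size far smaller than the real one.
uint32_t needed_unchecked(uint32_t len, uint32_t escapes, uint32_t growth) {
  uint32_t extraSpaceNeeded = escapes * growth;
  return len + extraSpaceNeeded;
}

// Checked: every intermediate step is validated, not only a running total.
bool needed_checked(uint32_t len, uint32_t escapes, uint32_t growth, uint32_t* out) {
  uint32_t extraSpaceNeeded = 0;
  if (!checked_mul(escapes, growth, &extraSpaceNeeded)) return false;
  return checked_add(len, extraSpaceNeeded, out);
}

int main() {
  // Constructed values chosen to trigger each wraparound.
  uint32_t out = 0;
  std::printf("sum wraps:     unchecked=%u checked_ok=%d\n",
              needed_unchecked(0xFFFFFFF0u, 8, 4),
              needed_checked(0xFFFFFFF0u, 8, 4, &out));
  std::printf("product wraps: unchecked=%u checked_ok=%d\n",
              needed_unchecked(100, 0x40000000u, 4),
              needed_checked(100, 0x40000000u, 4, &out));
  return 0;
}
```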