Closed
Bug 301643
Opened 19 years ago
Closed 19 years ago
Off-by-one in mar_consume_index
Categories
(Toolkit :: Application Update, defect)
Tracking
()
RESOLVED
FIXED
mozilla1.8final
People
(Reporter: madmoose, Assigned: darin.moz)
References
()
Details
(Keywords: fixed1.8)
Attachments
(1 file)
|
1.17 KB,
patch
|
benjamin
:
review+
benjamin
:
approval1.8b4+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8b2) Gecko/20050704 Firefox/1.0+ Build Identifier: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8b2) Gecko/20050704 Firefox/1.0+ When reading in an entry in a .mar index, mar_consume_index verifies the existance of 2 PRUint's, and a name of at least 1 byte and a null byte. It then proceeds to read in 3 PRUint's and a name. See http://lxr.mozilla.org/seamonkey/source/modules/libmar/src/mar_read.c#114 Reproducible: Always Steps to Reproduce:
|
Assignee | |
Comment 1•19 years ago
|
||
thanks for the bug report. -> me
Assignee: nobody → darin
Status: UNCONFIRMED → NEW
Ever confirmed: true
|
|
Assignee | |
Comment 2•19 years ago
|
||
This bug was introduced when I extended the MAR file format to include the flags field. It's a fairly minor bug as there should be no way for Firefox to read a malicious or corrupt MAR file.
Status: NEW → ASSIGNED
Target Milestone: --- → Firefox1.1
|
|
Assignee | |
Comment 3•19 years ago
|
||
Attachment #190490 -
Flags: review?(benjamin)
|
||
Updated•19 years ago
|
Attachment #190490 -
Flags: review?(benjamin) → review+
|
|
Assignee | |
Updated•19 years ago
|
Attachment #190490 -
Flags: approval1.8b4?
|
|
||
Updated•19 years ago
|
Attachment #190490 -
Flags: approval1.8b4? → approval1.8b4+
|
|
Assignee | |
Comment 4•19 years ago
|
||
fixed-on-trunk
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
|
||
Updated•16 years ago
|
Product: Firefox → Toolkit
You need to log in
before you can comment on or make changes to this bug.
Description
•