Closed Bug 301643 Opened 19 years ago Closed 19 years ago

Off-by-one in mar_consume_index

Categories

(Toolkit :: Application Update, defect)

PowerPC
macOS
defect
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla1.8final

People

(Reporter: madmoose, Assigned: darin.moz)

References

()

Details

(Keywords: fixed1.8)

Attachments

(1 file)

User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8b2) Gecko/20050704 Firefox/1.0+ Build Identifier: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8b2) Gecko/20050704 Firefox/1.0+ When reading in an entry in a .mar index, mar_consume_index verifies the existance of 2 PRUint's, and a name of at least 1 byte and a null byte. It then proceeds to read in 3 PRUint's and a name. See http://lxr.mozilla.org/seamonkey/source/modules/libmar/src/mar_read.c#114 Reproducible: Always Steps to Reproduce:
thanks for the bug report. -> me
Assignee: nobody → darin
Status: UNCONFIRMED → NEW
Ever confirmed: true
Blocks: 296303
This bug was introduced when I extended the MAR file format to include the flags field. It's a fairly minor bug as there should be no way for Firefox to read a malicious or corrupt MAR file.
Status: NEW → ASSIGNED
Target Milestone: --- → Firefox1.1
Attached patch v1 patchSplinter Review
Attachment #190490 - Flags: review?(benjamin)
Attachment #190490 - Flags: review?(benjamin) → review+
Attachment #190490 - Flags: approval1.8b4?
Attachment #190490 - Flags: approval1.8b4? → approval1.8b4+
fixed-on-trunk
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Keywords: fixed1.8
Product: Firefox → Toolkit
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: