Closed
Bug 301643
Opened 19 years ago
Closed 19 years ago
Off-by-one in mar_consume_index
Categories
(Toolkit :: Application Update, defect)
Tracking
()
RESOLVED
FIXED
mozilla1.8final
People
(Reporter: madmoose, Assigned: darin.moz)
References
()
Details
(Keywords: fixed1.8)
Attachments
(1 file)
1.17 KB,
patch
|
benjamin
:
review+
benjamin
:
approval1.8b4+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8b2) Gecko/20050704 Firefox/1.0+
Build Identifier: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8b2) Gecko/20050704 Firefox/1.0+
When reading in an entry in a .mar index, mar_consume_index verifies the
existance of 2 PRUint's, and a name of at least 1 byte and a null byte. It then
proceeds to read in 3 PRUint's and a name.
See http://lxr.mozilla.org/seamonkey/source/modules/libmar/src/mar_read.c#114
Reproducible: Always
Steps to Reproduce:
Assignee | ||
Comment 1•19 years ago
|
||
thanks for the bug report. -> me
Assignee: nobody → darin
Status: UNCONFIRMED → NEW
Ever confirmed: true
Assignee | ||
Comment 2•19 years ago
|
||
This bug was introduced when I extended the MAR file format to include the flags
field. It's a fairly minor bug as there should be no way for Firefox to read a
malicious or corrupt MAR file.
Status: NEW → ASSIGNED
Target Milestone: --- → Firefox1.1
Assignee | ||
Comment 3•19 years ago
|
||
Attachment #190490 -
Flags: review?(benjamin)
Updated•19 years ago
|
Attachment #190490 -
Flags: review?(benjamin) → review+
Assignee | ||
Updated•19 years ago
|
Attachment #190490 -
Flags: approval1.8b4?
Updated•19 years ago
|
Attachment #190490 -
Flags: approval1.8b4? → approval1.8b4+
Assignee | ||
Comment 4•19 years ago
|
||
fixed-on-trunk
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Updated•16 years ago
|
Product: Firefox → Toolkit
You need to log in
before you can comment on or make changes to this bug.
Description
•