nsReadableUtils.cpp checks that the substring is shorter than the source string before matching against its head/tail. nsStringAPI.h does not. Note that in neither API does StringHead/Tail validate the new length.
Created attachment 263354 [details] [diff] [review] Proposed patch
Attachment #263354 - Flags: superreview?(darin.moz) → superreview+
Fix checked in.
Status: ASSIGNED → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → FIXED
Fix checked in two days ago but I forgot to mark the bug fixed :-\
You need to log in before you can comment on or make changes to this bug.