Closed Bug 396637 Opened 17 years ago Closed 16 years ago

"ASSERTION: Too few bytes in input" with single-byte UTF-16 data: URL

Categories

(Core :: Internationalization, defect, P2)

RESOLVED FIXED

People

(Reporter: jruderman, Assigned: smontagu)

Details

(Keywords: fixed1.8.1.22, Whiteboard: [sg:low] Read past end of buffer; at worst may expose memory on heap)

Attachments

(1 file)

Steps to reproduce:
1. Load:
     data:text/html;charset=utf-16,%41

Result:
###!!! ASSERTION: Too few bytes in input: '*aSrcLength >= 2', file /Users/jruderman/trunk/mozilla/intl/uconv/ucvlatin/nsUCS2BEToUnicode.cpp, line 229

It looks like nsUTF16ToUnicode::Convert then proceeds to read past the end of the string while trying to determine its endianness.

I don't know whether this is a bug in nsUTF16ToUnicode::Convert or a bug in the caller.
nsUTF16ToUnicode::Convert, I think. Callers of converters shouldn't need to know about the byte structure of encodings.
OS: Mac OS X → All
Hardware: PC → All
Flags: blocking1.9?
Whiteboard: [sg:low] Read past end of buffer; at worst may expose memory on heap
Flags: blocking1.9? → blocking1.9+
Priority: -- → P2
Attached patch: Patch
I'm in two minds whether the Right Thing To Do here is to fail silently or return an error code, but I think the error code is preferable.
Attachment #298097 - Flags: review?(jshin1987)
Attachment #298097 - Flags: review?(jshin1987) → review+
Is this ready for checkin? If so, please nominate for approval1.9?
Flags: tracking1.9+ → wanted-next+
Does this need approval? It was marked as blocking 1.9 and I could have checked it in before but since the change is so small I was waiting to check it in together with bug 317126 when that got reviewed.
er, bug 317216
Checked in to trunk, with unit test
Status: NEW → RESOLVED
Closed: 16 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Attachment #298097 - Flags: approval1.9?
Checked in to 1.8 branch (with bug 317216)
Keywords: fixed1.8.1.22
Group: core-security
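
The length check discussed in this bug, as an added example that is not the attached patch and not Mozilla's nsUTF16ToUnicode code: a one-shot UTF-16 decoder that refuses to sniff the byte order from fewer than two bytes and returns an error code instead of failing silently. The names `DecodeUtf16`, `Utf16Status`, `Endian` and `Utf16Result` are hypothetical, and the big-endian default without a BOM and the treatment of empty input as success are assumptions of this example.

```cpp
#include <cstddef>
#include <cstdint>

// Hypothetical names; not the nsUTF16ToUnicode implementation.
enum class Utf16Status { Ok, TooFewBytes, OutputFull };
enum class Endian { Big, Little };

struct Utf16Result {
    Utf16Status status;
    Endian endian;
    std::size_t unitsWritten;
};

// One-shot decode of UTF-16 bytes into 16-bit code units.
// Assumption: with no BOM the input is treated as big-endian.
Utf16Result DecodeUtf16(const unsigned char* src, std::size_t srcLen,
                        std::uint16_t* dst, std::size_t dstCap) {
    Utf16Result r{Utf16Status::Ok, Endian::Big, 0};
    if (srcLen == 0) return r;  // assumption: empty input is not an error
    // Byte-order sniffing inspects src[0] and src[1]. A debug-only assertion
    // does not stop a release build, so the length is checked at run time.
    if (srcLen < 2) {
        r.status = Utf16Status::TooFewBytes;
        return r;
    }
    std::size_t i = 0;
    if (src[0] == 0xFF && src[1] == 0xFE) {
        r.endian = Endian::Little;
        i = 2;
    } else if (src[0] == 0xFE && src[1] == 0xFF) {
        i = 2;
    }
    // i + 1 < srcLen guarantees both bytes of the code unit are in bounds.
    for (; i + 1 < srcLen; i += 2) {
        if (r.unitsWritten == dstCap) {
            r.status = Utf16Status::OutputFull;
            return r;
        }
        dst[r.unitsWritten++] = (r.endian == Endian::Little)
            ? static_cast<std::uint16_t>(src[i] | (src[i + 1] << 8))
            : static_cast<std::uint16_t>((src[i] << 8) | src[i + 1]);
    }
    // A single leftover byte is half a code unit: report it, do not read on.
    if (i < srcLen) r.status = Utf16Status::TooFewBytes;
    return r;
}
```

The single byte `0x41` from the steps to reproduce yields `TooFewBytes` with nothing written, so the caller never needs to know the byte structure of the encoding.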