potential overflow (PRUint32 -> PRInt32) in copy_string (nsAlgorithm.h)

RESOLVED INVALID

Status

()

Core
String
P3
normal
RESOLVED INVALID
17 years ago
17 years ago

People

(Reporter: Peter ``jag'' Annema, Assigned: Peter ``jag'' Annema)

Tracking

Trunk
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Assignee)

Description

17 years ago
In copy_string in nsAlgorithm.h:

        PRUint32 count_copied = PRUint32(sink_traits::write(result,
source_traits::read(first), source_traits::readable_distance(first, last)));

The return value of |sink_traits::write(...)| is a PRUint32, |count_copied|
should be PRUint32.
(Assignee)

Comment 1

17 years ago
Created attachment 20656 [details] [diff] [review]
[patch] fix count_copied to be PRUint32
Since nsCharSinkTraits::write already returns a PRUint32, shouldn't you drop the
cast?
And what happens if the difference_type of the InputIterator is PRInt32?

What bug is this fixing?
(Assignee)

Comment 4

17 years ago
Hrm, seeing how advance takes PRInt32 (or equivalent), this patch is bogus.
Marking invalid.
Status: NEW → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.