29 lines
946 B
Diff
29 lines
946 B
Diff
From a928758612e67c4496bd9acf48bf66259c809782 Mon Sep 17 00:00:00 2001
|
|
From: Nika Layzell <nika@thelayzells.com>
|
|
Date: Tue, 07 Jun 2022 17:06:41
|
|
Subject: [PATCH] CVE-2022-34481
|
|
|
|
Conflict:NA
|
|
Reference:https://hg.mozilla.org/mozilla-central/rev/243ca18dc17200998c0c8d21979c15fb930e42fb
|
|
---
|
|
xpcom/ds/nsTArray.h | 3 +++
|
|
1 file changed, 3 insertions(+)
|
|
|
|
diff --git a/xpcom/ds/nsTArray.h b/xpcom/ds/nsTArray.h
|
|
index 92fe4a4649..10b5241ed1 100644
|
|
--- a/xpcom/ds/nsTArray.h
|
|
+++ b/xpcom/ds/nsTArray.h
|
|
@@ -2461,6 +2461,9 @@ auto nsTArray_Impl<E, Alloc>::ReplaceElementsAtInternal(index_type aStart,
|
|
if (MOZ_UNLIKELY(aStart > Length())) {
|
|
InvalidArrayIndex_CRASH(aStart, Length());
|
|
}
|
|
+ if (MOZ_UNLIKELY(aCount > Length() - aStart)) {
|
|
+ InvalidArrayIndex_CRASH(aStart + aCount, Length());
|
|
+ }
|
|
|
|
// Adjust memory allocation up-front to catch errors.
|
|
if (!ActualAlloc::Successful(this->template EnsureCapacity<ActualAlloc>(
|
|
--
|
|
2.27.0
|
|
|