WebCore/dom/Text.cpp - Issue 3599013: Merge 68705 - Code Review

Chromium Code Reviews

chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out

(1550)

My Issues | Starred Open | Closed | All

Unified Diff: WebCore/dom/Text.cpp

Issue 3599013: Merge 68705 (Closed) Base URL: http://svn.webkit.org/repository/webkit/branches/chromium/517/

Patch Set: Created 10 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

« no previous file with comments | « no previous file | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: WebCore/dom/Text.cpp

===================================================================

--- WebCore/dom/Text.cpp (revision 69027)

+++ WebCore/dom/Text.cpp (working copy)

@@ -123,6 +123,8 @@

continue;

const Text* t = static_cast<const Text*>(n);

const String& data = t->data();

+ if (std::numeric_limits<unsigned>::max() - data.length() < resultLength)

+ CRASH();

resultLength += data.length();

}

UChar* resultData;

« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine

This is Rietveld 408576698