| Index: net/cert/crl_set_storage.cc
|
| diff --git a/net/cert/crl_set_storage.cc b/net/cert/crl_set_storage.cc
|
| index 1b11d78e02495da6abe24ba773939fa09b1118cf..2da4f929be96067f7af3c22b50de4bfdd7d9c68a 100644
|
| --- a/net/cert/crl_set_storage.cc
|
| +++ b/net/cert/crl_set_storage.cc
|
| @@ -8,6 +8,7 @@
|
| #include "base/debug/trace_event.h"
|
| #include "base/format_macros.h"
|
| #include "base/json/json_reader.h"
|
| +#include "base/numerics/safe_conversions.h"
|
| #include "base/strings/stringprintf.h"
|
| #include "base/values.h"
|
| #include "crypto/sha2.h"
|
| @@ -517,10 +518,12 @@ std::string CRLSetStorage::Serialize(const CRLSet* crl_set) {
|
| }
|
|
|
| std::string ret;
|
| - char* out = WriteInto(&ret, len + 1 /* to include final NUL */);
|
| + uint8_t* out = reinterpret_cast<uint8_t*>(
|
| + WriteInto(&ret, len + 1 /* to include final NUL */));
|
| size_t off = 0;
|
| - out[off++] = header.size();
|
| - out[off++] = header.size() >> 8;
|
| + CHECK(base::IsValueInRangeForNumericType<uint16>(header.size()));
|
| + out[off++] = static_cast<uint8_t>(header.size());
|
| + out[off++] = static_cast<uint8_t>(header.size() >> 8);
|
| memcpy(out + off, header.data(), header.size());
|
| off += header.size();
|
|
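Review bot: The range check on `header.size()` and the two `static_cast<uint8_t>` writes below it are separate statements, so a later edit can change one without the other; the same check-then-cast pair appears for `j->size()` in the serial loop of the next hunk. `base::checked_cast`, from the `safe_conversions.h` header this commit adds, performs the range check as part of the conversion, e.g. `const uint16_t header_len = base::checked_cast<uint16_t>(header.size());`, and the two bytes can then be written from `header_len`. The check also spells the type `uint16` while every other new line uses `uint8_t`; one spelling would read better. A comment such as `// Header length is stored as a 16-bit little-endian prefix.` would explain why the limit exists. Serialize() starts and ends outside this hunk.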
|
| @@ -534,7 +537,8 @@ std::string CRLSetStorage::Serialize(const CRLSet* crl_set) {
|
|
|
| for (std::vector<std::string>::const_iterator j = i->second.begin();
|
| j != i->second.end(); ++j) {
|
| - out[off++] = j->size();
|
| + CHECK(base::IsValueInRangeForNumericType<uint8_t>(j->size()));
|
| + out[off++] = static_cast<uint8_t>(j->size());
|
| memcpy(out + off, j->data(), j->size());
|
| off += j->size();
|
| }
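Review bot: The `CHECK` on `j->size()` runs only after the output buffer has been allocated and the header written (previous hunk), and it aborts the process if any serial is longer than 255 bytes. Aborting is safer than the silent truncation it replaces, because a truncated length byte would leave the stream out of step with the bytes that follow. Whether a CRLSet can reach Serialize() holding such a serial is not visible here. If serials can come from parsed or delta-applied data, the limit is better enforced where they are inserted, so that this check stays a pure invariant. A comment on the check, e.g. `// Serial length is a one-byte prefix; longer serials cannot be encoded.`, would record that the abort is deliberate; the loop's enclosing block starts outside the hunk.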
|
|
|