Fix write past buffer length for proxy toString operation.

Josh Matthews 2013-04-08 10:19:25 -04:00
parent 4887fc7c9e
commit 6c6d070dab


@ -62,7 +62,7 @@ pub fn _obj_toString(cx: *JSContext, className: *libc::c_char) -> *JSString {
unsafe {
let name = str::raw::from_buf(className as *u8);
let nchars = "[object ]".len() + name.len();
let chars: *mut jschar = cast::transmute(JS_malloc(cx, nchars as u64 * (size_of::<jschar>() as u64)));
let chars: *mut jschar = cast::transmute(JS_malloc(cx, (nchars + 1) as u64 * (size_of::<jschar>() as u64)));
if chars.is_null() {
return ptr::null();
}
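Review bot: The `+ 1` in the `JS_malloc` size is a bare constant with no stated reason, and the allocation is only correct while it matches what the code after this hunk writes into `chars`; presumably the extra element holds a terminating 0. Binding the element count once, e.g. `let alloc_len = nchars + 1; // "[object " + name + "]" plus terminating 0 jschar`, and deriving the write bound from it would stop the size and the write from drifting apart again. Separately, the visible lines pass `className` to `str::raw::from_buf` with no null check, so the function relies on every caller supplying a valid NUL-terminated string; a doc comment on `_obj_toString` should state that precondition. The body of `_obj_toString` continues past the end of the hunk, so the write itself cannot be checked here.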