commit 0806951f373ae1b0223229605ca6cca62f7464bd Author: Mike Perry mikeperry-git@torproject.org Date: Fri Apr 25 14:46:39 2014 +0200

fixup! fix #9308 and #11433: don't leak user install path of TBB

Fix a memory leak, and add a couple length checks for extra safety.

The length checks appear to be redundant to internal nsCString checks, but the string classes are such a mess of indirection, size, length, and char type templates that we might as well double-check first. --- js/xpconnect/src/XPCException.cpp | 1 + xpcom/build/Omnijar.cpp | 5 +++-- 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/js/xpconnect/src/XPCException.cpp b/js/xpconnect/src/XPCException.cpp index 1e42662..bb4064a 100644 --- a/js/xpconnect/src/XPCException.cpp +++ b/js/xpconnect/src/XPCException.cpp @@ -298,6 +298,7 @@ nsXPCException::Initialize(const char *aMessage, nsresult aResult, const char *a nsAutoCString resourceFilename; mozilla::Omnijar::ConvertToResourceFilename(nsCString(rawFilename), resourceFilename); mFilename = (char *) nsMemory::Clone(resourceFilename.get(), resourceFilename.Length()+1); + nsMemory::Free(rawFileName); // allocated by GetFilename if (NS_FAILED(rc = aLocation->GetLineNumber(&mLineNumber))) return rc; } else { diff --git a/xpcom/build/Omnijar.cpp b/xpcom/build/Omnijar.cpp index 79fa163..36602a7 100644 --- a/xpcom/build/Omnijar.cpp +++ b/xpcom/build/Omnijar.cpp @@ -167,9 +167,10 @@ Omnijar::GetURIString(Type aType, nsACString &result) bool Omnijar::RebaseFilename(const nsCString& filename, const nsCString& oldBase, const nsCString& newBase, nsACString &result) { PRInt32 pos = filename.Find(oldBase); - if (pos > -1) { + PRInt32 pathLen = filename.Length() - pos - oldBase.Length(); + if (pos > -1 && pathLen > -1 && pathLen <= filename.Length()) { nsAutoCString path; - filename.Right(path, filename.Length() - pos - oldBase.Length()); + filename.Right(path, pathLen); result = newBase + path; return true; }