utf_string_conversions.cc, unsafe cast
Reported by loic.jon...@gmail.com, Nov 9 2016
Issue description

UserAgent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0

Steps to reproduce the problem:
In ConvertUnicode()
int32_t src_len32 = static_cast<int32_t>(src_len);
is unsafe. It should first be checked that src_len < 1UL << 31

What is the expected behavior?

What went wrong?
Possible loss of precision.

Did this work before? N/A
Does this work in other browsers? N/A

Chrome version: Channel: n/a
OS Version:
Flash Version: Shockwave Flash 11.2 r202
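The range check requested in the description, shown beside the unchecked cast, as an added example (not Chromium's code and not the reporter's). The function names and sample lengths are constructed for illustration, and a 64-bit size_t is assumed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <limits>

// Unchecked narrowing, as quoted in the report. Values above INT32_MAX wrap
// modulo 2^32 (implementation-defined before C++20, guaranteed since).
int32_t NarrowUnchecked(size_t src_len) {
  return static_cast<int32_t>(src_len);
}

// Hypothetical checked variant: rejects lengths that int32_t cannot hold.
// Same condition as the report's "src_len < 1UL << 31". *out is left
// untouched on failure so the caller cannot pick up a wrapped value.
bool NarrowChecked(size_t src_len, int32_t* out) {
  if (src_len > static_cast<size_t>(std::numeric_limits<int32_t>::max()))
    return false;
  *out = static_cast<int32_t>(src_len);
  return true;
}

// Stand-in for a converter bounded by the 32-bit length: how many code
// units it would actually process for a given narrowed length.
size_t UnitsConsumed(int32_t len32) {
  return len32 > 0 ? static_cast<size_t>(len32) : 0;
}

int main() {
  // Constructed sample lengths: largest valid, first invalid, 2^32 + 5.
  const size_t samples[] = {
      static_cast<size_t>(std::numeric_limits<int32_t>::max()),
      static_cast<size_t>(1) << 31,
      (static_cast<size_t>(1) << 32) + 5,
  };
  for (size_t len : samples) {
    int32_t checked = 0;
    bool ok = NarrowChecked(len, &checked);
    int32_t raw = NarrowUnchecked(len);
    std::printf("len=%zu unchecked=%d consumed=%zu checked=%s\n", len,
                static_cast<int>(raw), UnitsConsumed(raw),
                ok ? "accepted" : "rejected");
  }
  return 0;
}
```

The last sample is the quiet case: the unchecked cast yields a small positive length, so the caller would process only the first 5 units with no sign that the rest was dropped.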
Nov 14 2016
This is about integer overflow, a low-level mistake. See https://www.securecoding.cert.org/confluence/display/c/INT30-C.+Ensure+that+unsigned+integer+operations+do+not+wrap
Nov 17 2016
Nov 17 2016
This looks like out of scope for TE, hence adding the respective label for it to triage further.
Oct 31 2017
Nov 1
Issue has not been modified or commented on in the last 365 days, please re-open or file a new bug if this is still an issue. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by rbasuvula@chromium.org, Nov 11 2016
Labels: Needs-Feedback