New issue
Advanced search Search tips

Issue 663675 link

Starred by 1 user

Issue metadata

Status: Archived
Owner: ----
Closed: Nov 1
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug



Sign in to add a comment

utf_string_conversions.cc, unsafe cast

Reported by loic.jon...@gmail.com, Nov 9 2016

Issue description

UserAgent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0

Steps to reproduce the problem:
In ConvertUnicode()
int32_t src_len32 = static_cast<int32_t>(src_len);
is unsafe.

It should first be checked that
src_len < 1UL << 31

What is the expected behavior?

What went wrong?
Possible loss of precision.

Did this work before? N/A 

Does this work in other browsers? N/A

Chrome version:   Channel: n/a
OS Version: 
Flash Version: Shockwave Flash 11.2 r202
 
Cc: rbasuvula@chromium.org
Labels: Needs-Feedback
Could you please provide us with a sample test cases/sample html file of the issue which would help us to triage the issue further.

Thanks in Advance.
Labels: M-56
Labels: -Needs-Feedback TE-NeedsTriageHelp
This looks like out of scope for TE, hence adding the respective label for it to  triage further.
Components: Internals>Core
Project Member

Comment 6 by sheriffbot@chromium.org, Nov 1

Status: Archived (was: Unconfirmed)
Issue has not been modified or commented on in the last 365 days, please re-open or file a new bug if this is still an issue.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment