DescriptionAdded bounds checking to GetNameFromTT to handle corrupt files.
This patch adds bounds checking to the names buffer passed to GetNameFromTT.
There are observed crashes in this function where data is read outside of the
bounds allocated and passed to GetNameFromTT. There's no reason that this
function should ever try and read outside of the allocated bounds.
BUG=583037
Patch Set 1 #Patch Set 2 : Check for facename being empty indicating an error. #
Total comments: 5
Patch Set 3 : Fixed nits. #
Messages
Total messages: 4 (1 generated)
|