summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorsidchat@google.com <sidchat@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2008-09-05 19:25:54 +0000
committersidchat@google.com <sidchat@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2008-09-05 19:25:54 +0000
commit29d1eb815f296355e63a555729abc17b896d220a (patch)
tree5edf552071026fb6cf50d9ae624322247e9caa55
parente25e80ea106113bae505ee6b776fb97be1117411 (diff)
downloadchromium_src-29d1eb815f296355e63a555729abc17b896d220a.zip
chromium_src-29d1eb815f296355e63a555729abc17b896d220a.tar.gz
chromium_src-29d1eb815f296355e63a555729abc17b896d220a.tar.bz2
Resolve Array Overflow.
BUG=1362175 Review URL: http://codereview.chromium.org/474 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@1796 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--chrome/common/gfx/url_elider.cc17
1 files changed, 10 insertions, 7 deletions
diff --git a/chrome/common/gfx/url_elider.cc b/chrome/common/gfx/url_elider.cc
index 6ee32f9..f21888e 100644
--- a/chrome/common/gfx/url_elider.cc
+++ b/chrome/common/gfx/url_elider.cc
@@ -170,24 +170,27 @@ std::wstring ElideUrl(const GURL& url,
url_path_number_of_elements--;
}
+ const int kMaxNumberOfUrlPathElementsAllowed = 1024;
+ if (url_path_number_of_elements <= 1 ||
+ url_path_number_of_elements > kMaxNumberOfUrlPathElementsAllowed) {
+ // No path to elide, or too long of a path (could overflow in loop below)
+ // Just elide this as a text string.
+ return ElideText(url_subdomain + url_domain + url_path_query_etc, font,
+ available_pixel_width);
+ }
+
// Start eliding the path and replacing elements by "../".
std::wstring an_ellipsis_and_a_slash(kEllipsis);
an_ellipsis_and_a_slash += '/';
int pixel_width_url_filename = font.GetStringWidth(url_filename);
int pixel_width_dot_dot_slash = font.GetStringWidth(an_ellipsis_and_a_slash);
int pixel_width_slash = font.GetStringWidth(L"/");
- int pixel_width_url_path_elements[256]; // Declared static for speed.
+ int pixel_width_url_path_elements[kMaxNumberOfUrlPathElementsAllowed];
for (int i = 0; i < url_path_number_of_elements; i++) {
pixel_width_url_path_elements[i] =
font.GetStringWidth(url_path_elements.at(i));
}
- if (url_path_number_of_elements <= 1) {
- // Nothing FITS - return domain and rest.
- return ElideText(url_subdomain + url_domain + url_path_query_etc, font,
- available_pixel_width);
- }
-
// Check with both subdomain and domain.
std::wstring elided_path;
int pixel_width_elided_path;