Fix one byte buffer over read in the IE importer code.

BUG=115892
R=kinaba@chromium.org
TEST=Import IE favorites


Review URL: http://codereview.chromium.org/9481004

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@123970 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 3 insertions, 1 deletions

diff --git a/chrome/browser/importer/ie_importer_unittest_win.cc b/chrome/browser/importer/ie_importer_unittest_win.cc
index 433337a..349e81d 100644
--- a/chrome/browser/importer/ie_importer_unittest_win.cc
+++ b/chrome/browser/importer/ie_importer_unittest_win.cc
@@ -106,7 +106,9 @@ bool CreateOrderBlob(const FilePath& favorites_folder,
     ITEMIDLIST* id_list_full = ILCreateFromPath(
         favorites_folder.Append(path).Append(entries[i]).value().c_str());
     ITEMIDLIST* id_list = ILFindLastID(id_list_full);
-    size_t id_list_size = id_list->mkid.cb + sizeof(id_list->mkid);
+    // Include the trailing zero-length item id.  Don't include the single
+    // element array.
+    size_t id_list_size = id_list->mkid.cb + sizeof(id_list->mkid.cb);
 
     blob.resize(blob.size() + 8);
     uint32 total_size = id_list_size + 8;