diff options
| author | khorimoto@chromium.org <khorimoto@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-03-28 02:14:44 +0000 |
|---|---|---|
| committer | khorimoto@chromium.org <khorimoto@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-03-28 02:14:44 +0000 |
| commit | 1c204e0f2fe0882ab1d3d5a61c3d613afd0fbc95 (patch) | |
| tree | c390dbd95123ce27a41ef3f4b16747b14264c2f1 /net/spdy | |
| parent | 177154bca217a66fb61e5667b715961984195e62 (diff) | |
| download | chromium_src-1c204e0f2fe0882ab1d3d5a61c3d613afd0fbc95.zip chromium_src-1c204e0f2fe0882ab1d3d5a61c3d613afd0fbc95.tar.gz chromium_src-1c204e0f2fe0882ab1d3d5a61c3d613afd0fbc95.tar.bz2 | |
Disallowed a NULL pointer from being passed as the second argument to memcpy(), which is undefined behavior.
CID=103649
BUG=NONE
TEST=NONE
Review URL: http://codereview.chromium.org/9872001
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@129346 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/spdy')
| -rw-r--r-- | net/spdy/spdy_framer.cc | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/net/spdy/spdy_framer.cc b/net/spdy/spdy_framer.cc index faa2893..98117ac 100644 --- a/net/spdy/spdy_framer.cc +++ b/net/spdy/spdy_framer.cc @@ -178,7 +178,7 @@ void SpdyFramer::Reset() { } if (current_frame_capacity_ != initial_size) { delete [] current_frame_buffer_; - current_frame_buffer_ = 0; + current_frame_buffer_ = NULL; current_frame_capacity_ = 0; ExpandControlFrameBuffer(initial_size); } @@ -939,8 +939,10 @@ void SpdyFramer::ExpandControlFrameBuffer(size_t size) { if (alloc_size <= current_frame_capacity_) return; char* new_buffer = new char[alloc_size]; - memcpy(new_buffer, current_frame_buffer_, current_frame_len_); - delete [] current_frame_buffer_; + if (current_frame_buffer_ != NULL) { + memcpy(new_buffer, current_frame_buffer_, current_frame_len_); + delete [] current_frame_buffer_; + } current_frame_capacity_ = alloc_size; current_frame_buffer_ = new_buffer; } |