diff options
| author | gspencer@google.com <gspencer@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-05-09 23:01:25 +0000 |
|---|---|---|
| committer | gspencer@google.com <gspencer@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-05-09 23:01:25 +0000 |
| commit | c77acea1923e7a60f4f65233f269abe2c86f68f3 (patch) | |
| tree | afff3a13ee3d5ff595cc88494b76ae77d9d2709d /webkit/glue | |
| parent | e7c93020dbd01cd8ea6a3c340fc4115afc0a373d (diff) | |
| download | chromium_src-c77acea1923e7a60f4f65233f269abe2c86f68f3.zip chromium_src-c77acea1923e7a60f4f65233f269abe2c86f68f3.tar.gz chromium_src-c77acea1923e7a60f4f65233f269abe2c86f68f3.tar.bz2 | |
This fixes a NULL dereference when reading malformed history items.
BUG=chromium-os:14992
TEST=Artificially caused failure in reading history item and observed no crash.
Review URL: http://codereview.chromium.org/6969004
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@84706 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'webkit/glue')
| -rw-r--r-- | webkit/glue/glue_serialize.cc | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/webkit/glue/glue_serialize.cc b/webkit/glue/glue_serialize.cc index df055fe..54ba743 100644 --- a/webkit/glue/glue_serialize.cc +++ b/webkit/glue/glue_serialize.cc @@ -1,4 +1,4 @@ -// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Copyright (c) 2011 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. @@ -112,10 +112,10 @@ inline void WriteReal(double data, SerializeObject* obj) { } inline double ReadReal(const SerializeObject* obj) { - const void* tmp; + const void* tmp = NULL; int length = 0; ReadData(obj, &tmp, &length); - if (length > 0 && length >= static_cast<int>(sizeof(0.0))) + if (tmp && length > 0 && length >= static_cast<int>(sizeof(0.0))) return *static_cast<const double*>(tmp); else return 0.0; |