summaryrefslogtreecommitdiffstats
path: root/base/pickle.cc
diff options
context:
space:
mode:
Diffstat (limited to 'base/pickle.cc')
-rw-r--r--base/pickle.cc5
1 files changed, 4 insertions, 1 deletions
diff --git a/base/pickle.cc b/base/pickle.cc
index 5e249c7..c3df8bc 100644
--- a/base/pickle.cc
+++ b/base/pickle.cc
@@ -208,6 +208,9 @@ bool Pickle::ReadWString(void** iter, std::wstring* result) const {
int len;
if (!ReadLength(iter, &len))
return false;
+ // Avoid integer overflow.
+ if (len > INT_MAX / static_cast<int>(sizeof(wchar_t)))
+ return false;
if (!IteratorHasRoomFor(*iter, len * sizeof(wchar_t)))
return false;
@@ -224,7 +227,7 @@ bool Pickle::ReadString16(void** iter, string16* result) const {
int len;
if (!ReadLength(iter, &len))
return false;
- if (!IteratorHasRoomFor(*iter, len))
+ if (!IteratorHasRoomFor(*iter, len * sizeof(char16)))
return false;
char16* chars = reinterpret_cast<char16*>(*iter);
generated by cgit v1.1 at 2025-01-30 10:54:22 +0000