From 29d1eb815f296355e63a555729abc17b896d220a Mon Sep 17 00:00:00 2001 From: "sidchat@google.com" Date: Fri, 5 Sep 2008 19:25:54 +0000 Subject: Resolve Array Overflow. BUG=1362175 Review URL: http://codereview.chromium.org/474 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@1796 0039d316-1c4b-4281-b951-d872f2087c98 --- chrome/common/gfx/url_elider.cc | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/chrome/common/gfx/url_elider.cc b/chrome/common/gfx/url_elider.cc index 6ee32f9..f21888e 100644 --- a/chrome/common/gfx/url_elider.cc +++ b/chrome/common/gfx/url_elider.cc @@ -170,24 +170,27 @@ std::wstring ElideUrl(const GURL& url, url_path_number_of_elements--; } + const int kMaxNumberOfUrlPathElementsAllowed = 1024; + if (url_path_number_of_elements <= 1 || + url_path_number_of_elements > kMaxNumberOfUrlPathElementsAllowed) { + // No path to elide, or too long of a path (could overflow in loop below) + // Just elide this as a text string. + return ElideText(url_subdomain + url_domain + url_path_query_etc, font, + available_pixel_width); + } + // Start eliding the path and replacing elements by "../". std::wstring an_ellipsis_and_a_slash(kEllipsis); an_ellipsis_and_a_slash += '/'; int pixel_width_url_filename = font.GetStringWidth(url_filename); int pixel_width_dot_dot_slash = font.GetStringWidth(an_ellipsis_and_a_slash); int pixel_width_slash = font.GetStringWidth(L"/"); - int pixel_width_url_path_elements[256]; // Declared static for speed. + int pixel_width_url_path_elements[kMaxNumberOfUrlPathElementsAllowed]; for (int i = 0; i < url_path_number_of_elements; i++) { pixel_width_url_path_elements[i] = font.GetStringWidth(url_path_elements.at(i)); } - if (url_path_number_of_elements <= 1) { - // Nothing FITS - return domain and rest. - return ElideText(url_subdomain + url_domain + url_path_query_etc, font, - available_pixel_width); - } - // Check with both subdomain and domain. std::wstring elided_path; int pixel_width_elided_path; -- cgit v1.1