From 2d936058f70e65bc7751d1bc3adbf5df84a14fb0 Mon Sep 17 00:00:00 2001
From: "glider@chromium.org"
 <glider@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Tue, 13 Mar 2012 17:17:56 +0000
Subject: Fix PickleTest.GetReadPointerAndAdvance not to produce wild addresses
 while checking for overflows.

BUG=117704
TBR=willchan
Review URL: https://chromiumcodereview.appspot.com/9694034

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@126413 0039d316-1c4b-4281-b951-d872f2087c98
---
 base/pickle.cc | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

(limited to 'base/pickle.cc')

diff --git a/base/pickle.cc b/base/pickle.cc
index a095e35..3b8e0ce 100644
--- a/base/pickle.cc
+++ b/base/pickle.cc
@@ -45,13 +45,9 @@ inline const char* PickleIterator::GetReadPointerAndAdvance() {
 }
 
 const char* PickleIterator::GetReadPointerAndAdvance(int num_bytes) {
-  const char* current_read_ptr = read_ptr_;
-  const char* end_data_ptr = read_ptr_ + num_bytes;
-  if (num_bytes < 0)
-    return NULL;
-  // Check for enough space and for wrapping.
-  if (end_data_ptr > read_end_ptr_ || end_data_ptr < current_read_ptr)
+  if (num_bytes < 0 || read_end_ptr_ - read_ptr_ < num_bytes)
     return NULL;
+  const char* current_read_ptr = read_ptr_;
   read_ptr_ += AlignInt(num_bytes, sizeof(uint32));
   return current_read_ptr;
 }
-- 
cgit v1.1