From 0d435eae98fbe4f8055215a7aa6c483b07b7fa03 Mon Sep 17 00:00:00 2001
From: "cevans@chromium.org"
 <cevans@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Tue, 10 Nov 2009 01:42:46 +0000
Subject: Fix integer overflow in calculation of sparse I/O extent.

BUG=NONE
TEST=NONE

Review URL: http://codereview.chromium.org/372076

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@31532 0039d316-1c4b-4281-b951-d872f2087c98
---
 net/disk_cache/sparse_control.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'net/disk_cache')

diff --git a/net/disk_cache/sparse_control.cc b/net/disk_cache/sparse_control.cc
index 509ce78..06912de 100644
--- a/net/disk_cache/sparse_control.cc
+++ b/net/disk_cache/sparse_control.cc
@@ -176,7 +176,7 @@ int SparseControl::StartIO(SparseOperation op, int64 offset, net::IOBuffer* buf,
     return net::ERR_INVALID_ARGUMENT;
 
   // We only support up to 64 GB.
-  if (offset + buf_len >= 0x1000000000LL)
+  if (offset + buf_len >= 0x1000000000LL || offset + buf_len < 0)
     return net::ERR_CACHE_OPERATION_NOT_SUPPORTED;
 
   DCHECK(!user_buf_);
-- 
cgit v1.1