mirrors/ladybird
0
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2025-07-29 20:29:18 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

LibWeb: Don't try to deserialize past length of strings

Browse source 
If we serialize a string followed by some other object, the deserialize
helper would just happily keep appending bytes to the string until the
end of the serialization buffer. Avoid doing that by checking the string
length for figuring out when the string actually ends.
This commit is contained in:
Andrew Kaster 2023-09-11 16:29:29 -06:00 committed by Andreas Kling
commit 3a74bd2509
Notes: sideshowbarker 2024-07-16 21:42:29 +09:00
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Userland/Libraries/LibWeb/HTML/StructuredSerialize.cpp
View file

@ -332,7 +332,7 @@ private:
Vector<u8> bytes;
TRY_OR_THROW_OOM(vm, bytes.try_ensure_capacity(size));
u64 byte_position = 0;
while (position < vector.size()) {
while (position < vector.size() && byte_position < size) {
for (u8 i = 0; i < 4; ++i) {
bytes.append(vector[position] >> (i * 8) & 0xFF);
byte_position++;