indexeddb: early out during malformed varint decoding
Bug: 1225060
Change-Id: Ifc4702b769494024706b32bd47dc858ab3caa389
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3015246
Commit-Queue: Marijn Kruisselbrink <mek@chromium.org>
Auto-Submit: enne <enne@chromium.org>
Reviewed-by: Marijn Kruisselbrink <mek@chromium.org>
Cr-Commit-Position: refs/heads/master@{#900849}
This commit is contained in:
Adrienne Walker
committed by
Chromium LUCI CQ
Chromium LUCI CQ
parent
84f7e7c7e0
commit
1b9f40a1e2
@@ -32,11 +32,10 @@ bool DecodeVarInt(base::StringPiece* from, int64_t* into) {
|
|||||||
int shift = 0;
|
int shift = 0;
|
||||||
uint64_t ret = 0;
|
uint64_t ret = 0;
|
||||||
do {
|
do {
|
||||||
if (it == from->end())
|
// Shifting 64 or more bits is undefined behavior.
|
||||||
|
if (it == from->end() || shift >= 64)
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
// Shifting 64 or more bits is undefined behavior.
|
|
||||||
DCHECK_LT(shift, 64);
|
|
||||||
unsigned char c = *it;
|
unsigned char c = *it;
|
||||||
ret |= static_cast<uint64_t>(c & 0x7f) << shift;
|
ret |= static_cast<uint64_t>(c & 0x7f) << shift;
|
||||||
shift += 7;
|
shift += 7;
|
||||||
|
|||||||
Reference in New Issue
Block a user