This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch upstream/palemoon-master in repository pale-moon. commit e50a11dfe7bd8920d3bac2ce306fd50a5efa19c6 Author: Pale Moon <git-repo@palemoon.org> Date: Sun Jul 1 16:35:31 2018 +0200 Perform some sanity checks on nsMozIconURI. --- image/decoders/icon/nsIconURI.cpp | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/image/decoders/icon/nsIconURI.cpp b/image/decoders/icon/nsIconURI.cpp index 628eb31..51bf524 100644 --- a/image/decoders/icon/nsIconURI.cpp +++ b/image/decoders/icon/nsIconURI.cpp @@ -637,7 +637,17 @@ nsMozIconURI::Deserialize(const URIParams& aParams) mContentType = params.contentType(); mFileName = params.fileName(); mStockIcon = params.stockIcon(); + + if (params.iconSize() < -1 || + params.iconSize() >= (int32_t) ArrayLength(kSizeStrings)) { + return false; + } mIconSize = params.iconSize(); + + if (params.iconState() < -1 || + params.iconState() >= (int32_t) ArrayLength(kStateStrings)) { + return false; + } mIconState = params.iconState(); return true; -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/pale-moon.git