diff options
author | AnotherTest <ali.mpfard@gmail.com> | 2020-04-27 21:53:39 +0430 |
---|---|---|
committer | Andreas Kling <kling@serenityos.org> | 2020-05-02 12:24:10 +0200 |
commit | cf5941c972e8a09ad6c9e2296892742c27fafe23 (patch) | |
tree | 32e72119fd2cf30b7b0ccb27b25d46f2e2aa5171 | |
parent | 7f1d3f6d62a7173312b11f11c4255ed09d21efc0 (diff) | |
download | serenity-cf5941c972e8a09ad6c9e2296892742c27fafe23.zip |
AK: Correct ByteBuffer::{overwrite,slice*} bounds check
-rw-r--r-- | AK/ByteBuffer.h | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/AK/ByteBuffer.h b/AK/ByteBuffer.h index af5f98823d..945461eee3 100644 --- a/AK/ByteBuffer.h +++ b/AK/ByteBuffer.h @@ -94,9 +94,9 @@ private: Wrap, Adopt }; - explicit ByteBufferImpl(size_t); // For ConstructionMode=Uninitialized + explicit ByteBufferImpl(size_t); // For ConstructionMode=Uninitialized ByteBufferImpl(const void*, size_t, ConstructionMode); // For ConstructionMode=Copy - ByteBufferImpl(void*, size_t, ConstructionMode); // For ConstructionMode=Wrap/Adopt + ByteBufferImpl(void*, size_t, ConstructionMode); // For ConstructionMode=Wrap/Adopt ByteBufferImpl() {} u8* m_data { nullptr }; @@ -183,10 +183,10 @@ public: { if (is_null()) return {}; - if (offset >= this->size()) - return {}; - if (offset + size >= this->size()) - size = this->size() - offset; + + // I cannot hand you a slice I don't have + ASSERT(offset + size <= this->size()); + return wrap(offset_pointer(offset), size); } @@ -194,10 +194,10 @@ public: { if (is_null()) return {}; - if (offset >= this->size()) - return {}; - if (offset + size >= this->size()) - size = this->size() - offset; + + // I cannot hand you a slice I don't have + ASSERT(offset + size <= this->size()); + return copy(offset_pointer(offset), size); } @@ -222,7 +222,7 @@ public: void overwrite(size_t offset, const void* data, size_t data_size) { // make sure we're not told to write past the end - ASSERT(offset + data_size < size()); + ASSERT(offset + data_size <= size()); __builtin_memcpy(this->data() + offset, data, data_size); } |