From 6e720f14214df28f3b38adb7d9e7291c41257015 Mon Sep 17 00:00:00 2001 From: Mark Mentovai Date: Fri, 1 Aug 2014 13:30:27 -0400 Subject: [PATCH] Fix StringFileWriter::Seek(). MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The final range check needs to check that the value fits in a size_t, because that’s what StringFileWriter uses for its offset_. TEST=util_test StringFileWriter.SeekInvalid R=rsesek@chromium.org Review URL: https://codereview.chromium.org/434103003 --- util/file/string_file_writer.cc | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/util/file/string_file_writer.cc b/util/file/string_file_writer.cc index 2c2f1f52..5875a327 100644 --- a/util/file/string_file_writer.cc +++ b/util/file/string_file_writer.cc @@ -110,26 +110,26 @@ off_t StringFileWriter::Seek(off_t offset, int whence) { return -1; } - off_t offset_offt; - if (!AssignIfInRange(&offset_offt, base_offset)) { + off_t base_offset_offt; + if (!AssignIfInRange(&base_offset_offt, base_offset)) { LOG(ERROR) << "Seek(): base_offset " << base_offset << " invalid for off_t"; return -1; } - - base::CheckedNumeric new_offset(offset_offt); + base::CheckedNumeric new_offset(base_offset_offt); new_offset += offset; if (!new_offset.IsValid()) { LOG(ERROR) << "Seek(): new_offset invalid"; return -1; } - - if (!AssignIfInRange(&offset_offt, new_offset.ValueOrDie())) { - LOG(ERROR) << "Seek(): new_offset " << new_offset.ValueOrDie() + off_t new_offset_offt = new_offset.ValueOrDie(); + size_t new_offset_sizet; + if (!AssignIfInRange(&new_offset_sizet, new_offset_offt)) { + LOG(ERROR) << "Seek(): new_offset " << new_offset_offt << " invalid for size_t"; return -1; } - offset_ = offset_offt; + offset_ = new_offset_sizet; return offset_.ValueOrDie(); }