RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-31 05:18:12 +00:00
Code Issues Activity Actions

LibWeb: Don't try to deserialize past length of strings

Browse source 
If we serialize a string followed by some other object, the deserialize
helper would just happily keep appending bytes to the string until the
end of the serialization buffer. Avoid doing that by checking the string
length for figuring out when the string actually ends.
This commit is contained in:
Andrew Kaster 2023-09-11 16:29:29 -06:00 committed by Andreas Kling
parent 842b2a01e6
commit 3a74bd2509
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Userland/Libraries/LibWeb/HTML/StructuredSerialize.cpp
View file

@ -332,7 +332,7 @@ private:
Vector<u8> bytes;
TRY_OR_THROW_OOM(vm, bytes.try_ensure_capacity(size));
u64 byte_position = 0;
while (position < vector.size()) {
while (position < vector.size() && byte_position < size) {
for (u8 i = 0; i < 4; ++i) {
bytes.append(vector[position] >> (i * 8) & 0xFF);
byte_position++;