(Hidden by Administrator)
Bug 1746545 Comment 8 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
### Security Approval Request * **How easily could an exploit be constructed based on the patch?**: There are a few cases inside SWGL/SW-WR where we check that geometry supplied either from content or canvas doesn't result in Infs/Nans in the code due to excessively large values or division by zero. Whether or not this could intentionally result in something exploitable is unknown, although it is observably able to cause infinite loops, crashing, and/or heap overruns due to checking against these values. * **Do comments in the patch, the check-in comment, or tests included in the patch paint a bulls-eye on the security problem?**: Unknown * **Which older supported branches are affected by this flaw?**: 91+ * **If not all supported branches, which bug introduced the flaw?**: Bug 1700717 * **Do you have backports for the affected branches?**: Yes * **If not, how different, hard to create, and risky will they be?**: * **How likely is this patch to cause regressions; how much testing does it need?**: Pending testing on try, this should be fairly safe, since it just disables a side-effect optimization (-ffinite-math-only) that got enabled with -ffast-math, which was unexpected. Our debug builds already shouldn't have this problem since they are unaffected by -ffast-math, and thus we already have some indication things should work fine with this -fno-finite-math-only chucked on inside SWGL. ### Beta/Release Uplift Approval Request * **User impact if declined**: * **Is this code covered by automated tests?**: Yes * **Has the fix been verified in Nightly?**: Yes * **Needs manual test from QE?**: Yes * **If yes, steps to reproduce**: * **List of other uplifts needed**: None * **Risk to taking this patch**: Low * **Why is the change risky/not risky? (and alternatives if risky)**: * **String changes made/needed**: ### ESR Uplift Approval Request * **If this is not a sec:{high,crit} bug, please state case for ESR consideration**: * **User impact if declined**: * **Fix Landed on Version**: * **Risk to taking this patch**: Low * **Why is the change risky/not risky? (and alternatives if risky)**: