(In reply to Daniel Holbert [:dholbert] from comment #22) > ### Security Approval Request Note: I updated the patch and re-requested review, but the patch is essentially the same (just using a blanket approach to zero-initialize the whole struct instead of initializing specific members). Answers in comment 22 are still accurate, except for **How easily could an exploit be constructed based on the patch?:** is now slightly harder since it's less obvious which of the previously-uninitialized-members are the ones that we're actually caring about zero-initializing.
Bug 1893270 Comment 23 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
(In reply to Daniel Holbert [:dholbert] from comment #22) > ### Security Approval Request Note: I updated the patch and re-requested review, but the patch is essentially the same (just using a blanket approach to zero-initialize the whole struct instead of initializing specific members). Answers in comment 22 are still accurate, except that "**How easily could an exploit be constructed based on the patch?:**" is now slightly harder (hooray!) since it's less obvious to an attacker which of the previously-uninitialized-members are the ones that we're actually caring about zero-initializing.