Closed Bug 149646 Opened 22 years ago Closed 18 years ago

ns[C]String::SetLength should abort if it fails

Categories

(Core :: XPCOM, defect)

Product:
Core
Component:
XPCOM
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: waterson, Assigned: jag+mozilla)

Details

I've noticed a few places where we could end up with buffer-overruns if
SetLength() failed. People do stuff like this:

  nsAutoString buffer;
  buffer.SetLength(/* some number from someplace */);
  char *p = buffer.get();

  while (/* less than the number above */) {
    /* start splatting bits into p */;
  }

Realistically, this is probably _not_ a problem (*nix malloc will bring the
system down before returning a null pointer), but we might as well have our belt
and suspenders in place.
(Probably any other string functions that try to grow the buffer ought to abort
the app on failure, too.)
I think this is a bad idea.  Web content can sometimes affect the size passed to a call to SetLength.  Since that could be used to trigger an out-of-memory error, we wouldn't want web content to kill the browser.  Instead, I think that SetLength should return a boolean and we should teach our code that uses BeginWriting to check for that error before writing to the returned memory address.

NOTE: All other string mutations done inside the string library handle OOM conditions somewhat gracefully.  They keep the string unmodified so that it is in a consistent state at least.

There's already another bug on file about fixing SetLength (see bug 284219), so I'm going to close this bug as WONTFIX.
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → WONTFIX
Component: String → XPCOM
You need to log in before you can comment on or make changes to this bug.