Bug 867531 - Consider poisoning DOM stuff
Status: Closed (RESOLVED WORKSFORME)
Opened 11 years ago; closed 10 years ago
Product/Component: Core :: DOM: Core & HTML (enhancement)
Reporter: MatsPalmgren_bugz; Unassigned
Keywords: sec-want
Attachments (3 files): patch (12.14 KB), patch (3.03 KB), text/plain (6.05 KB)
No description provided.
Reporter, Comment 1 • 11 years ago
Reporter, Comment 2 • 11 years ago
Reporter, Comment 3 • 11 years ago
I did an experiment with the attached patches (on top of the patches in bug 867530) to see if it could help mitigate exploitable crashes in content code. I used bug 865076 as an example. Using an Opt build on Linux64 it seems like it would make it non-exploitable. There are of course limitations to how useful this is in content code where the memory is quickly allocated for other purposes (unlike pres-arena objects) but it might help a bit. It could be made more useful with a special purpose allocator for content I guess.
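The poisoning idea the experiment above tests, as an added illustration in C that is not the bug's attached patches or Gecko code: freed node memory is overwritten with a poison byte and briefly quarantined, so a dangling pointer reads the poison pattern instead of the stale pointers or whatever the general heap hands the slot to next. The Node struct, POISON_BYTE and the quarantine are constructed for this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a small DOM-like node; not Gecko's nsINode. */
typedef struct Node {
    struct Node *parent;
    struct Node *first_child;
    uint32_t flags;
} Node;

/* Poison byte written over every freed node. A pointer made of 0x5a bytes is
 * non-canonical on x86-64, so a stale dereference faults instead of reading
 * whatever data now lives in the slot. */
#define POISON_BYTE 0x5a

/* Hypothetical quarantine: the last few freed blocks stay poisoned and are not
 * yet returned to the general heap (the property pres-arena objects have). */
#define QUARANTINE_SLOTS 4
static void *quarantine[QUARANTINE_SLOTS];
static size_t quarantine_next;

static void poisoned_free(void *p, size_t size) {
    memset(p, POISON_BYTE, size);            /* overwrite all fields */
    void *evicted = quarantine[quarantine_next];
    quarantine[quarantine_next] = p;
    quarantine_next = (quarantine_next + 1) % QUARANTINE_SLOTS;
    free(evicted);                           /* oldest block leaves quarantine */
}

/* Returns 1 if both pointer fields hold the poison pattern. */
int node_is_poisoned(const Node *n) {
    uintptr_t pattern = 0;
    memset(&pattern, POISON_BYTE, sizeof pattern);
    return (uintptr_t)n->parent == pattern && (uintptr_t)n->first_child == pattern;
}

/* Demo: link two nodes, free the child, inspect it through the dangling
 * pointer. The read is defined here because the block is still quarantined. */
int demo_poison_after_free(void) {
    Node *parent = calloc(1, sizeof *parent);
    Node *child = calloc(1, sizeof *child);
    child->parent = parent;
    parent->first_child = child;
    poisoned_free(child, sizeof *child);
    int poisoned = node_is_poisoned(child);  /* 1: stale pointers are gone */
    poisoned_free(parent, sizeof *parent);
    return poisoned;
}
```

Calling the demo repeatedly cycles blocks out of the quarantine and back to the real heap, which is the point at which a general-heap node (unlike an arena object) could be reused for other content.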
Comment 4 • 11 years ago
Unless this is much simpler than bug 860254, I'd really prefer that we work on that one instead.
Comment 5 • 10 years ago
Mats, shall we close this in lieu of (fixed) bug 860254 or is there something more we can do here?
Flags: needinfo?(matspal)
Reporter, Comment 6 • 10 years ago
If nsINode-derived classes are still allocated from the general heap, then yes, bug 860254 should take care of it, except for the issue that Jesse raises in bug 860254 comment 34. (assuming we use jemalloc on all platforms we care about)
Status: NEW → RESOLVED
Closed: 10 years ago
Flags: needinfo?(matspal)
Resolution: --- → WORKSFORME
Comment 7 • 10 years ago
Yes, nodes are allocated from the general heap, and we use jemalloc on all Tier 1 platforms.
Updated • 9 years ago
Group: core-security → core-security-release
Updated • 7 years ago
Group: core-security-release