Closed
Bug 1019892
Opened 10 years ago
Closed 10 years ago
propFlags is uninitialized in jsd_GetValueProperty if JS_GetPropertyById returns null
Categories
(Core :: JavaScript Engine, defect)
RESOLVED
WONTFIX
People
(Reporter: mccr8, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: coverity, csectype-uninitialized)
I don't know how bad this is.
Reporter
Comment 1•10 years ago
How bad is this? Setting a property with random garbage flags sounds bad...
Flags: needinfo?(sphink)
Reporter
Comment 2•10 years ago
This is using the old JS debugger interface, and I think it only happens on a particular OOM, so it doesn't seem too dangerous.
Keywords: sec-moderate
Comment 3•10 years ago
Uh, am I reading this wrong? The way I read it, propFlags is uninitialized in the *success* case. Which would be much worse, of course. The logic I see is

    if (!JS_GetPropertyById()) {
        propFlags = JSPD_EXCEPTION or JSPD_ERROR;
        propValue = JSVAL_VOID or uninitialized;
    } else {
        propFlags = uninitialized;
        propValue = value;
    }
    propFlags |= some stuff;
    return _newProperty(...propValue, propFlags...);

Oh. Except this is all pretty innocuous. We're not creating any properties here. We're just making a JSD reflection of a property. If it has the wrong flags, it'll only make the debugger display the wrong thing or something. I don't know if anyone ever even looks at these flags. (Probably not, if they're usually wrong!)
Flags: needinfo?(sphink)
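The control-flow shape sketched in comment 3, as an added C example that is not part of the original thread and not the jsd source: a flags variable assigned only on the failure path and then OR-ed, next to a form that defines it on every path. All names, flag values and the `get_property` stand-in are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical flag bits and types for illustration; not the real JSPD_* values. */
enum { PD_ENUMERATE = 0x01, PD_HINTED = 0x10, PD_ERROR = 0x40, PD_EXCEPTION = 0x80 };
typedef struct { int value; unsigned flags; } Reflection;

/* Stand-in for the engine lookup: ids below zero fail (-1 leaves an exception
 * pending); other ids yield a value and the property's attribute bits. */
static bool get_property(int id, int *value, unsigned *attrs, bool *pending)
{
    if (id < 0) { *pending = (id == -1); return false; }
    *value = id * 10;
    *attrs = PD_ENUMERATE;
    *pending = false;
    return true;
}

#ifdef SHOW_BUGGY
/* Shape described in comment 3: flags is assigned only on the failure path. */
Reflection reflect_buggy(int id)
{
    int value; unsigned attrs, flags; bool pending;
    if (!get_property(id, &value, &attrs, &pending)) {
        flags = pending ? PD_EXCEPTION : PD_ERROR;
        value = 0;
    }
    flags |= PD_HINTED;   /* success path: OR into an indeterminate value */
    return (Reflection){ value, flags };
}
#endif

/* Hardened form: every variable has a defined value on every path. */
Reflection reflect_fixed(int id)
{
    int value = 0; unsigned attrs = 0, flags = 0; bool pending = false;
    if (!get_property(id, &value, &attrs, &pending))
        flags = pending ? PD_EXCEPTION : PD_ERROR;
    else
        flags = attrs;    /* success path now sets flags explicitly */
    flags |= PD_HINTED;
    return (Reflection){ value, flags };
}

int main(void)
{
    Reflection r = reflect_fixed(3);
    return printf("value=%d flags=0x%x\n", r.value, r.flags) < 0;
}
```

Building with `-DSHOW_BUGGY` includes the original shape for comparison; it is excluded by default because reading the unassigned `flags` is undefined behaviour in C.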
Reporter
Comment 4•10 years ago
Ah, ok. It sounds like this doesn't need to be a security bug. Thanks for the analysis!
Group: core-security
Keywords: sec-moderate → csectype-uninitialized
Comment 5•10 years ago
Has the affected code been removed now with Bug 800200 being fixed, i.e. can this bug be closed?
Reporter
Comment 6•10 years ago
Sounds good to me.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → WONTFIX
Updated•6 years ago
Blocks: coverity-analysis