Bug 1117851 - nsJSUtils::GetCallingLocation is a memory hazard footgun
Status: Closed (RESOLVED FIXED)
Opened 9 years ago; closed 9 years ago
Categories: Core :: JavaScript Engine, defect
Target milestone: mozilla37
People: Reporter: bholley, Assigned: bholley

Attachments (2 files):
- 8.38 KB, patch (smaug: review+)
- 9.05 KB, patch

Description
I noticed this while reviewing bug 1097998. The API returns an unowned char*, which is effectively valid until the next GC, because the guard object goes out of scope when nsJSUtils::GetCallingLocation returns. I just audited all the callers, and it looks like we're safe for now. But we should fix this before someone screws it up. I'll attach a patch.
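The hazard the report describes, reduced to a self-contained C++ model (added example, not code from the bug or from Mozilla's tree): `FakeGcHeap`, `AutoRoot`, `GetCallingLocationUnowned` and `GetCallingLocationOwned` are constructed stand-ins. The unowned variant returns a `const char*` whose rooting guard dies on return, so the pointer is live only until the next collection; the owned variant copies into caller-owned storage while the guard is still in scope. Liveness is checked by address so the example never dereferences a dead pointer.

```cpp
#include <iostream>
#include <memory>
#include <set>
#include <string>
#include <vector>

// Constructed stand-in for a GC heap (not SpiderMonkey's): a cell survives
// Collect() only while some AutoRoot holds its address.
class FakeGcHeap {
 public:
  // Allocate a string cell and hand back its unowned buffer pointer.
  const char* Allocate(const std::string& s) {
    cells_.push_back(std::make_unique<std::string>(s));
    return cells_.back()->c_str();
  }
  // Free every cell that is not currently rooted.
  void Collect() {
    std::vector<std::unique_ptr<std::string>> survivors;
    for (auto& cell : cells_) {
      if (roots_.count(cell->c_str()) != 0) survivors.push_back(std::move(cell));
    }
    cells_.swap(survivors);
  }
  // Address-based liveness query; never touches the pointee.
  bool IsLive(const char* p) const {
    for (const auto& cell : cells_) {
      if (cell->c_str() == p) return true;
    }
    return false;
  }
  void Root(const char* p) { roots_.insert(p); }
  void Unroot(const char* p) { roots_.erase(p); }

 private:
  std::vector<std::unique_ptr<std::string>> cells_;
  std::set<const char*> roots_;
};

// RAII guard modelling the guard object in the report: the cell is rooted
// only for the guard's lifetime.
class AutoRoot {
 public:
  AutoRoot(FakeGcHeap& heap, const char* p) : heap_(heap), ptr_(p) { heap_.Root(ptr_); }
  ~AutoRoot() { heap_.Unroot(ptr_); }
 private:
  FakeGcHeap& heap_;
  const char* ptr_;
};

// Hazardous shape: returns an unowned pointer. The guard is destroyed on
// return, so the pointer is valid only until the next Collect().
const char* GetCallingLocationUnowned(FakeGcHeap& heap) {
  const char* loc = heap.Allocate("example.js:42");  // constructed sample location
  AutoRoot root(heap, loc);
  return loc;
}

// Safe shape: copy into caller-owned storage while the guard still lives.
std::string GetCallingLocationOwned(FakeGcHeap& heap) {
  const char* loc = heap.Allocate("example.js:42");  // constructed sample location
  AutoRoot root(heap, loc);
  return std::string(loc);  // copy taken before `root` goes out of scope
}

// Before any GC the unowned pointer still names a live cell: this is why an
// audit of the callers can find every current use "safe".
bool UnownedPointerLiveBeforeGc() {
  FakeGcHeap heap;
  const char* p = GetCallingLocationUnowned(heap);
  return heap.IsLive(p);
}

// After the first GC following the call, the same pointer is dead.
bool UnownedPointerLiveAfterGc() {
  FakeGcHeap heap;
  const char* p = GetCallingLocationUnowned(heap);
  heap.Collect();
  return heap.IsLive(p);
}

// The owned copy is unaffected by collection.
std::string OwnedCopyAfterGc() {
  FakeGcHeap heap;
  std::string loc = GetCallingLocationOwned(heap);
  heap.Collect();
  return loc;
}

int main() {
  std::cout << "unowned live before GC: " << UnownedPointerLiveBeforeGc() << "\n"
            << "unowned live after GC:  " << UnownedPointerLiveAfterGc() << "\n"
            << "owned copy after GC:    " << OwnedCopyAfterGc() << "\n";
  return 0;
}
```

The defensive takeaway is the API shape, not the callers: returning an owned string (here `std::string`, in Gecko an `nsCString` or similar) removes the invariant that every caller must finish with the pointer before anything can trigger a collection.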
Comment 1 • 9 years ago (Assignee)
Attachment #8544081 - Flags: review?(bugs)
Comment 2 • 9 years ago (Assignee)
https://treeherder.mozilla.org/ui/#/jobs?repo=try&revision=f108af2f7e84
Updated • 9 years ago
Attachment #8544081 - Flags: review?(bugs) → review+
Comment 3 • 9 years ago (Assignee)
https://hg.mozilla.org/integration/mozilla-inbound/rev/9035e4de3c03
Comment 4 • 9 years ago
https://hg.mozilla.org/mozilla-central/rev/9035e4de3c03
Assignee: nobody → bobbyholley
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla37
Comment 5 • 9 years ago
Backed out at smaug's request due to bug 1118257. https://hg.mozilla.org/integration/mozilla-inbound/rev/a3a485cf8fda
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Target Milestone: mozilla37 → ---
Comment 6 • 9 years ago
...which caused other bustage. Re-landed. https://hg.mozilla.org/integration/mozilla-inbound/rev/d8541085a5d5 Smaug says he'll prepare a backout patch. Leaving the bug open since that's where it's still going.
Comment 7 • 9 years ago
Updated • 9 years ago
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/d8541085a5d5
Status: REOPENED → RESOLVED
Closed: 9 years ago → 9 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → mozilla37