Closed
Bug 1167461
Opened 9 years ago
Closed 9 years ago
Probable dereferencing of past-the-end iterator in ComputeSizeAndRVA
Categories
(Toolkit :: Crash Reporting, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: q1, Unassigned)
Details
User Agent: Mozilla/5.0 (Windows; rv:26.0) Gecko/20100101 Firefox/26.0
Build ID: 20150305021524
Steps to reproduce:
ComputeSizeAndRVA in toolkit\crashreporter\google-breakpad\src\common\solaris\dump_symbols.cc line 366 dereferences a std::map::const_iterator that might == ::end() (the C++ specification calls this a "past-the-end" iterator). If the iterator does ever == ::end(), this usage is incorrect. It also presumably invokes undefined behavior under the C++ specification; see ISO/IEC 14882:1998(E) at s.24.1(5) (which, alas, is not a model of clarity). This bug could thus represent a security risk.
365: SymbolMap::const_iterator it = symbol_entries->find(func_name.c_str());
366: if (it->second) {...
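The check the report is asking for, as an added example that is not part of the bug report or of the Breakpad source: compare the result of find() against end() before reading it->second, so that a missing key is distinguished from a key that maps to a null pointer. SymbolEntry, the std::string-keyed SymbolMap, FindSymbol and the sample table are assumptions made for illustration.

```cpp
#include <cstdint>
#include <map>
#include <string>

// Hypothetical stand-ins for the types used in dump_symbols.cc (assumed).
struct SymbolEntry {
  uint64_t size;
  uint64_t rva;
};
using SymbolMap = std::map<std::string, const SymbolEntry*>;

enum class Lookup { kMissingKey, kNullEntry, kFound };

// Checked lookup: the iterator is compared against end() before
// it->second is read, which the quoted line 366 does not do.
Lookup FindSymbol(const SymbolMap& symbols, const std::string& func_name,
                  const SymbolEntry** out) {
  *out = nullptr;
  SymbolMap::const_iterator it = symbols.find(func_name);
  if (it == symbols.end())  // find() miss: `it` must not be dereferenced
    return Lookup::kMissingKey;
  if (!it->second)          // key present, but the mapped pointer is null
    return Lookup::kNullEntry;
  *out = it->second;
  return Lookup::kFound;
}

// Constructed sample table covering the found and null-entry cases;
// any other name exercises the missing-key case.
SymbolMap MakeSampleSymbols() {
  static const SymbolEntry kMain = {0x40, 0x1000};
  SymbolMap m;
  m["main"] = &kMain;
  m["stub"] = nullptr;
  return m;
}

int main() {
  SymbolMap m = MakeSampleSymbols();
  const SymbolEntry* e = nullptr;
  bool ok = FindSymbol(m, "main", &e) == Lookup::kFound &&
            FindSymbol(m, "stub", &e) == Lookup::kNullEntry &&
            FindSymbol(m, "absent", &e) == Lookup::kMissingKey;
  return ok ? 0 : 1;
}
```

Building with libstdc++'s `-D_GLIBCXX_DEBUG` makes a dereference of a past-the-end map iterator abort at run time, which is one way to confirm whether an unchecked find() result is ever hit.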
Comment 2•9 years ago
Not a security bug: this code is used to process symbols as part of the build system and is never exposed to user data. Also this is Solaris-specific code in the google-breakpad project and should be filed there.
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Component: Untriaged → Breakpad Integration
Product: Firefox → Toolkit
Resolution: --- → INVALID