Open Bug 1189349 Opened 9 years ago Updated 2 years ago

Use mozilla::Tokenizer here and there

Categories

(Core :: General, defect)

Product:
Core
Component:
General
Type:
defect

Tracking

()

Tracking Flags:
Tracking Status
firefox42 --- affected

People

(Reporter: mayhemer, Unassigned)

References

(Depends on 1 open bug)

Details

(Keywords: good-first-bug) 

      No description provided.
Assignee: nobody → honzab.moz
Status: NEW → ASSIGNED
Depends on: 1188991
Not actively working on this right now, but once would love to.
Assignee: honzab.moz → nobody
Status: ASSIGNED → NEW
Whiteboard: [good first bug]
Hi.. I would like to work on this bug.
I'm a beginner and still catching up to things...
(In reply to swapneshks from comment #2)
> Hi.. I would like to work on this bug.
> I'm a beginner and still catching up to things...

Thank you.  Unfortunatelly there is currently no one who would give you a guidance/mentoring right now, since all teams, specially the Necko (networking) team are pretty busy with priority projects.

This bug has a very low priority, it's only about a code cleanup.

If you write patches for this bug, there will probably be nobody to give you quickly a good feedback.

Thanks.
Is this issue active?
(In reply to Videet Singhai from comment #4)
> Is this issue active?

Nobody is actively working on it, but it's good to keep it on the list of open bugs.  When resources are available (=a developer has a spare time) it's worth to act.
Can you explain what is to be done?
(In reply to Videet Singhai from comment #6)
> Can you explain what is to be done?

Sure.  On many places in the code we have to parse some input, being it a HTTP response header, or any arbitrary input parsing, we may still use strstr, strchr, strcmp etc C function, which are unsafe and making the code potentially vulnerable, plus making such a code hard to maintain and change.

I used to have a list of things to change, but unfortunately can't find it right now.  If you are willing to wait a day or so, I can provide it with some instructions and example how to migrate to using the modern Tokenizer API.

Thank you.
Do the changes need to be done in a specific component, or is just all over the place?
(In reply to vinf100 from comment #8)
> Do the changes need to be done in a specific component, or is just all over
> the place?

Sorry for late answer.  I think I can say this can effect the whole platform, so - all over the place, yes.
(In reply to (away till 13.8.) Honza Bambas (:mayhemer) from comment #7)
> (In reply to Videet Singhai from comment #6)
> > Can you explain what is to be done?
> 
> Sure.  On many places in the code we have to parse some input, being it a
> HTTP response header, or any arbitrary input parsing, we may still use
> strstr, strchr, strcmp etc C function, which are unsafe and making the code
> potentially vulnerable, plus making such a code hard to maintain and change.
> 
> I used to have a list of things to change, but unfortunately can't find it
> right now.  If you are willing to wait a day or so, I can provide it with
> some instructions and example how to migrate to using the modern Tokenizer
> API.
> 
> Thank you.

Do you still have the list of necessary changes, as well as the instructions?

Hi, I want to work on this bug. Is this still active?

Depends on: 1542293

(In reply to Srujana Peddinti from comment #11)

Hi, I want to work on this bug. Is this still active?

Yes. Thanks! I just filed bug 1542293, which you can freely take. I can feedback any early patches and give advises.

(In reply to Honza Bambas (:mayhemer) from comment #12)

Yes. Thanks! I just filed bug 1542293, which you can freely take. I can feedback any early patches and give advises.

Sure, thank you. I have commented there. Sorry for the late reply, I was occupied with a couple of other things last week.

Keywords: good-first-bug
Whiteboard: [good first bug]
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.