Closed Bug 1213436 Opened 4 years ago Closed 4 years ago

Reject core dumps with node IDs that don't fit in an IEEE 754 double

Categories

(DevTools :: Memory, defect)

defect
Not set

Tracking

(firefox44 fixed)

RESOLVED FIXED
Firefox 44
Tracking Status
firefox44 --- fixed

People

(Reporter: fitzgen, Assigned: fitzgen)

References

Details

Attachments

(1 file, 1 obsolete file)

Our IDs are derived from pointers (48 bits, which will fit) but some annoying person could purposely generate IDs that don't fit since we store them as unsigned 64 bit ints on disk / in protobuf.

Depends on bug 1211006 because we would like to use the JS::Value::isRepresentableNumber function defined in that patch.
Comment on attachment 8672126 [details] [diff] [review]
Reject core dumps with node IDs that don't fit in an IEEE 754 double

That try push went pretty poorly. Will fix this patch up before re-requesting review.
Attachment #8672126 - Flags: review?(sphink)
Looks like it is only 32 bit platforms that are getting caught in this assertion. Suspect my conversions are bad or something.
Attachment #8672126 - Attachment is obsolete: true
Alright, the issue was that when we were doing uint64_t(ptr) the ptr was getting sign extended on 32 bit platforms. So now we do uint64_t(uintptr_t(ptr)) to avoid the sign extending.

Try push: https://treeherder.mozilla.org/#/jobs?repo=try&revision=e0f68ff505f8
Woops, that try push didn't include the patch for bug 1211006. New try push: https://treeherder.mozilla.org/#/jobs?repo=try&revision=6c3f279c4ea3
Attachment #8673260 - Flags: review?(sphink) → review+
https://hg.mozilla.org/mozilla-central/rev/888009041487
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 44
Product: Firefox → DevTools
You need to log in before you can comment on or make changes to this bug.