Closed Bug 1257389 Opened 9 years ago Closed 9 years ago

ConvertJSValueToByteString should use fallible allocation

Tracking

()

Status:

RESOLVED FIXED

Milestone:

mozilla48

Tracking Flags:

Tracking

Status

firefox46

---

fixed

firefox47

---

fixed

firefox48

---

fixed

People

(Reporter: khuey, Assigned: khuey)

Details

Attachments

(1 file)

Patch 9 years ago Kyle Huey (Exited; not receiving bugmail, old account, do not use) 762 bytes, patch	bzbarsky : review+ Sylvestre : approval-mozilla-aurora+ Sylvestre : approval-mozilla-beta+	Details \| Diff \| Splinter Review

Kyle Huey (Exited; not receiving bugmail, old account, do not use)

Assignee

Description

•

9 years ago

Attached patch Patch — Details — Splinter Review

I found at least one dump on Socorro that crashed here. There are probably more but stackwalking fails, so I had to grovel around in the minidump to find the return address and pin it on ConvertJSValueToByteString.

Attachment #8731493 - Flags: review?(bzbarsky)

Boris Zbarsky [:bzbarsky]

Comment 1

•

9 years ago

Comment on attachment 8731493 [details] [diff] [review] Patch Good catch. r=me

Attachment #8731493 - Flags: review?(bzbarsky) → review+

Pulsebot

Comment 2

•

9 years ago

https://hg.mozilla.org/integration/mozilla-inbound/rev/eb4fb4fef6d4

Carsten Book [:Tomcat]

Comment 3

•

9 years ago

bugherder

https://hg.mozilla.org/mozilla-central/rev/eb4fb4fef6d4

Status: NEW → RESOLVED

Closed: 9 years ago

status-firefox48: --- → fixed

Resolution: --- → FIXED

Target Milestone: --- → mozilla48

Kyle Huey (Exited; not receiving bugmail, old account, do not use)

Assignee

Comment 4

•

9 years ago

Comment on attachment 8731493 [details] [diff] [review] Patch Simple OOM fix to use fallible allocation on a content-controlled string. Approval Request Comment [Feature/regressing bug #]: N/A [User impact if declined]: Slightly more OOM crashes [Describe test coverage new/current, TreeHerder]: This code path is well tested, used by many WebIDL bindings [Risks and why]: low risk [String/UUID change made/needed]: N/A

Attachment #8731493 - Flags: approval-mozilla-beta?

Attachment #8731493 - Flags: approval-mozilla-aurora?

Sylvestre Ledru [:Sylvestre]

Updated

•

9 years ago

status-firefox46: --- → affected

status-firefox47: --- → affected

Sylvestre Ledru [:Sylvestre]

Comment 5

•

9 years ago

Comment on attachment 8731493 [details] [diff] [review] Patch Less crashes, taking it Should be in 46 beta 5

Attachment #8731493 - Flags: approval-mozilla-beta?

Attachment #8731493 - Flags: approval-mozilla-beta+

Attachment #8731493 - Flags: approval-mozilla-aurora?

Attachment #8731493 - Flags: approval-mozilla-aurora+

Wes Kocher (:KWierso) (Not reading bugmail; email directly if needed)

Comment 6

•

9 years ago

bugherder uplift

https://hg.mozilla.org/releases/mozilla-aurora/rev/f8845ecc6bee

status-firefox47: affected → fixed

Wes Kocher (:KWierso) (Not reading bugmail; email directly if needed)

Comment 7

•

9 years ago

bugherder uplift

https://hg.mozilla.org/releases/mozilla-beta/rev/391e44f7849f

status-firefox46: affected → fixed

Nobody; OK to take it and work on it

Updated

•

6 years ago

Component: DOM → DOM: Core & HTML

You need to log in before you can comment on or make changes to this bug.

Bugzilla

ConvertJSValueToByteString should use fallible allocation

Categories

(Core :: DOM: Core & HTML, defect)

Tracking

()

People

(Reporter: khuey, Assigned: khuey)

References

Details

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Comment 1

Comment 2

Comment 3

Comment 4

Updated

Comment 5

Comment 6

Comment 7

Updated

Attachment

General

Description

File Name

Content Type