Closed Bug 1257389 Opened 5 years ago Closed 5 years ago

ConvertJSValueToByteString should use fallible allocation

Categories

(Core :: DOM: Core & HTML, defect)

defect
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla48
Tracking Status
firefox46 --- fixed
firefox47 --- fixed
firefox48 --- fixed

People

(Reporter: khuey, Assigned: khuey)

Details

Attachments

(1 file)

Attached patch PatchSplinter Review
I found at least one dump on Socorro that crashed here.  There are probably more but stackwalking fails, so I had to grovel around in the minidump to find the return address and pin it on ConvertJSValueToByteString.
Attachment #8731493 - Flags: review?(bzbarsky)
Comment on attachment 8731493 [details] [diff] [review]
Patch

Good catch.  r=me
Attachment #8731493 - Flags: review?(bzbarsky) → review+
https://hg.mozilla.org/mozilla-central/rev/eb4fb4fef6d4
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla48
Comment on attachment 8731493 [details] [diff] [review]
Patch

Simple OOM fix to use fallible allocation on a content-controlled string.

Approval Request Comment
[Feature/regressing bug #]: N/A
[User impact if declined]: Slightly more OOM crashes
[Describe test coverage new/current, TreeHerder]: This code path is well tested, used by many WebIDL bindings
[Risks and why]: low risk
[String/UUID change made/needed]: N/A
Attachment #8731493 - Flags: approval-mozilla-beta?
Attachment #8731493 - Flags: approval-mozilla-aurora?
Comment on attachment 8731493 [details] [diff] [review]
Patch

Less crashes, taking it
Should be in 46 beta 5
Attachment #8731493 - Flags: approval-mozilla-beta?
Attachment #8731493 - Flags: approval-mozilla-beta+
Attachment #8731493 - Flags: approval-mozilla-aurora?
Attachment #8731493 - Flags: approval-mozilla-aurora+
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.