This bug is for reviewing all of the customizations of the ParamTraits template that handles serialization/deserialization of custom types. The primary focus is on the read functions looking for errors in handling data coming from the wire. Examples include: * incorrect bounds checking. * improper handling of enums. * improperly trusting the value of data provided by the sending side. * switch custom code to helper customizations of ParamTraits when available (e.g ParamTraits<nsACString>, etc). The current list of customizations is here: https://pastebin.mozilla.org/8926025 There are roughly 300 different customizations to review.
Priority: -- → P1
I have finished the hand audit of all of the custom serialization code. Here are the results. https://docs.google.com/a/mozilla.com/spreadsheets/d/1sTgA4bOuV0j1bP7_Q_QKsfiNNLfdIg_1CCo4-iB_cfo/edit?usp=sharing
FWIW, for things like nsTArray and nsCString, we've thought that it's more valuable for memory to be infallibly allocated so failure to allocate memory shows up as OOMs rather than IPC errors: http://dxr.mozilla.org/mozilla-central/source/ipc/glue/IPCMessageUtils.h#458 We'll crash if we infallibly allocate, and crash if we fallibly allocate, so this gives us better crash debugging information.
Closing now complete.
Status: ASSIGNED → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.