Open Bug 1319978 Opened 8 years ago Updated 2 years ago

Add some safety around allocating drawing surfaces with sizes loaded from IPC without checking.

Categories

(Core :: IPC, defect, P3)

Tracking

()

People

(Reporter: huseby, Unassigned)

References

(Depends on 1 open bug)

Details

(Whiteboard: [IPC Audit])

While reviewing struct ParamTraits<mozilla::layers::SurfaceDescriptorX11>, I spotted that the mSize parameter is used, unchecked, to allocate memory for a drawing surface here: https://dxr.mozilla.org/mozilla-central/source/gfx/layers/ipc/ShadowLayerUtilsX11.cpp?q=%2Bfunction%3A%22mozilla%3A%3Alayers%3A%3ASurfaceDescriptorX11%3A%3AOpenForeign%28%29+const%22&redirect_type=single#102

We should at least bounds check this and then try to use a fallible memory allocator so that we can recover gracefully from any memory allocation failures.
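The mitigation proposed above, as an added example that is not code from this bug or from the Firefox tree: bounds-check a size received over IPC, then allocate fallibly. `IntSize`, the two limits and the function names are assumptions made for illustration, and `new (std::nothrow)` stands in for whichever fallible allocator the real code would use.

```cpp
#include <cstddef>
#include <cstdint>
#include <memory>
#include <new>

// Hypothetical stand-in for a width/height pair read from an IPC message.
struct IntSize {
  int32_t width;
  int32_t height;
};

// Assumed policy limits for this example; not values from the Firefox tree.
constexpr int32_t kMaxDimension = 16384;
constexpr uint64_t kMaxSurfaceBytes = 256ull * 1024 * 1024;
constexpr uint64_t kBytesPerPixel = 4;  // 32 bits per pixel

// Validates an untrusted size. On success writes the buffer size in bytes.
bool CheckedSurfaceBytes(const IntSize& size, size_t* outBytes) {
  // Reject zero and negative values before any arithmetic is done on them.
  if (size.width <= 0 || size.height <= 0) return false;
  if (size.width > kMaxDimension || size.height > kMaxDimension) return false;
  // Both factors are at most 16384, so the 64-bit product cannot wrap.
  uint64_t bytes =
      uint64_t(size.width) * uint64_t(size.height) * kBytesPerPixel;
  // Each dimension can pass its own limit while the total is still too large.
  if (bytes > kMaxSurfaceBytes) return false;
  *outBytes = static_cast<size_t>(bytes);
  return true;
}

// Fallible allocation: nullptr on a rejected size or on allocation failure,
// so the caller can drop the message instead of crashing the process.
std::unique_ptr<uint8_t[]> AllocateSurface(const IntSize& size) {
  size_t bytes = 0;
  if (!CheckedSurfaceBytes(size, &bytes)) return nullptr;
  return std::unique_ptr<uint8_t[]>(new (std::nothrow) uint8_t[bytes]());
}

int main() {
  size_t n = 0;
  bool ok = CheckedSurfaceBytes(IntSize{64, 32}, &n) && n == 8192 &&
            AllocateSurface(IntSize{-1, 32}) == nullptr;
  return ok ? 0 : 1;
}
```
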
Paul, can I get a priority on this bug? It is assigned to me and in limbo until we prioritize it. Thanks
Flags: needinfo?(ptheriault)
Flags: needinfo?(julian.r.hector)
Flags: needinfo?(ptheriault)
Maybe we can fix this once Bug 1325647 has landed. But I don't know what the priorities are.
Flags: needinfo?(julian.r.hector)
Depends on: 1325647
Priority: -- → P3
Assignee: huseby → nobody
Severity: normal → S3