Closed Bug 1320706 Opened 8 years ago Closed 3 years ago

JSAutoByteString is a footgun that we should stop using, because it mishandles embedded nulls


(Core :: JavaScript Engine, defect, P3)




Tracking Status
firefox53 --- affected


(Reporter: bzbarsky, Unassigned)



(Keywords: triage-deferred)

We should certainly stop using it on any data we do not control.  It doesn't keep track of the length of the string it produces, which means that input with embedded nulls will be corrupted.

For sanity's sake, we should just remove it entirely; as long as we leave it, people will reach for it and end up with buggy code.

The other option is to fix it to output a (char, length) pair, of course.
do you mean we just need to return correct length from |length()| method, or remove methods that returns `char*` alone?
if former, we could just add `length` out parameter to some APIs and keep correct length in JSAutoByteString.

if it also means latter, we could use Latin1Chars and UTF8Chars as return type instead of raw `char*`.
maybe we need to separate JSAutoByteString for each encoding, to make it clear which encoding it's returning tho.
The former would be a bare minimum.  The latter might be nicer.
See Also: → 1321771
Some of the JSAutoByteString uses in js/src/builtin/Intl.cpp can be changed to call js::StringEqualsAscii(JSLinearString*, const char*) instead. Actually this will also avoid an additional pod_malloc, so let's just update it to use StringEqualsAscii. (bug 1321771)
Keywords: triage-deferred
Priority: -- → P3

bug 1485066 removed JSAutoByteString

Closed: 3 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.