Closed
Bug 1340581
Opened 3 years ago
Closed 3 years ago
release-assert against overflows in mozilla::Tokenizer
Categories
(Core :: XPCOM, defect)
Core
XPCOM
Tracking
()
RESOLVED
FIXED
mozilla54
| Tracking | Status | |
|---|---|---|
| firefox54 | --- | fixed |
People
(Reporter: mayhemer, Assigned: mayhemer)
Details
Attachments
(1 file, 1 obsolete file)
|
2.59 KB,
patch
|
mayhemer
:
review+
|
Details | Diff | Splinter Review |
There are some potentially dangerous use of how strings/dep-strings are constructed. Should be armed with release grade assertions.
|
Assignee | |
Comment 1•3 years ago
|
||
broom in front of my door-step :) https://treeherder.mozilla.org/#/jobs?repo=try&revision=9943fdadf45b8c383e0b6c77b2278d71d36fccc2
Attachment #8838643 -
Flags: review?(nfroyd)
|
|
Assignee | |
Comment 2•3 years ago
|
||
Better try: https://treeherder.mozilla.org/#/jobs?repo=try&revision=05437466e352c84e0dafe43685d4a9536037aa02
|
|
||
Comment 3•3 years ago
|
||
Comment on attachment 8838643 [details] [diff] [review] v1 Review of attachment 8838643 [details] [diff] [review]: ----------------------------------------------------------------- r=me with the below changes. Thanks! ::: xpcom/ds/Tokenizer.cpp @@ +568,5 @@ > > + // This is not very likely to happen according to how we call this method > + // and since it's on a hot path, it's just a diagnostic assert, > + // not a release assert. > + MOZ_DIAGNOSTIC_ASSERT(caret <= mEnd, "Overflow?"); For consistency's sake with the previous two asserts, it seems like it'd be better to test: mEnd >= caret which is the same thing, but more closely linked to the pointer subtraction you're actually doing, and it's the same test you've been doing prior to this point. @@ +629,5 @@ > void > TokenizerBase::Token::AssignFragment(nsACString::const_char_iterator begin, > nsACString::const_char_iterator end) > { > + MOZ_RELEASE_ASSERT(begin <= end, "Overflow!"); Same comment here.
Attachment #8838643 -
Flags: review?(nfroyd) → review+
|
|
Assignee | |
Comment 4•3 years ago
|
||
Attachment #8838643 -
Attachment is obsolete: true
Attachment #8839937 -
Flags: review+
|
|
Assignee | |
Updated•3 years ago
|
Keywords: checkin-needed
Pushed by ryanvm@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/ec3487e17b2f Add some release-grade assertions to mozilla::Tokenizer to catch string overflows. r=froydnj
Keywords: checkin-needed
|
||
Comment 6•3 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/ec3487e17b2f
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla54
You need to log in
before you can comment on or make changes to this bug.
Description
•