Closed Bug 1340581 Opened 8 years ago Closed 8 years ago

release-assert against overflows in mozilla::Tokenizer

Categories

(Core :: XPCOM, defect)

defect
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla54
Tracking Status
firefox54 --- fixed

People

(Reporter: mayhemer, Assigned: mayhemer)

Details

Attachments

(1 file, 1 obsolete file)

There are some potentially dangerous uses of how strings/dep-strings are constructed. Should be armed with release grade assertions.
Attached patch v1 (obsolete) — Splinter Review
Attachment #8838643 - Flags: review?(nfroyd)
Comment on attachment 8838643 [details] [diff] [review] v1 Review of attachment 8838643 [details] [diff] [review]: ----------------------------------------------------------------- r=me with the below changes. Thanks! ::: xpcom/ds/Tokenizer.cpp @@ +568,5 @@ > > + // This is not very likely to happen according to how we call this method > + // and since it's on a hot path, it's just a diagnostic assert, > + // not a release assert. > + MOZ_DIAGNOSTIC_ASSERT(caret <= mEnd, "Overflow?"); For consistency's sake with the previous two asserts, it seems like it'd be better to test: mEnd >= caret which is the same thing, but more closely linked to the pointer subtraction you're actually doing, and it's the same test you've been doing prior to this point. @@ +629,5 @@ > void > TokenizerBase::Token::AssignFragment(nsACString::const_char_iterator begin, > nsACString::const_char_iterator end) > { > + MOZ_RELEASE_ASSERT(begin <= end, "Overflow!"); Same comment here.
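Review bot: at the MOZ_DIAGNOSTIC_ASSERT(caret <= mEnd, "Overflow?") line in xpcom/ds/Tokenizer.cpp, the new comment justifies the weaker assert only by "how we call this method", without naming the caller invariant that keeps caret at or before mEnd. As the comment itself notes, this is not a release assert, so a reader auditing the pointer subtraction in release builds has nothing to verify the claim against. State the invariant in the comment, or reconsider whether the hot-path cost really rules out MOZ_RELEASE_ASSERT here, given that the bug asks for release-grade coverage.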
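Review bot: in TokenizerBase::Token::AssignFragment, MOZ_RELEASE_ASSERT(begin <= end, "Overflow!") checks only the ordering of the two iterators, and the message does not say which condition failed. A message that names the condition (for example, that begin is past end) would make the crash reason self-explanatory in reports. The visible lines also do not show where begin and end are guaranteed to point into the same buffer, so a short comment stating where that is ensured would help.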
Attachment #8838643 - Flags: review?(nfroyd) → review+
Attached patch v1.1 — Splinter Review
Attachment #8838643 - Attachment is obsolete: true
Attachment #8839937 - Flags: review+
Keywords: checkin-needed
Pushed by ryanvm@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/ec3487e17b2f Add some release-grade assertions to mozilla::Tokenizer to catch string overflows. r=froydnj
Keywords: checkin-needed
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla54