Closed
Bug 1340581
Opened 8 years ago
Closed 8 years ago
release-assert against overflows in mozilla::Tokenizer
Categories
(Core :: XPCOM, defect)
Tracking
RESOLVED
FIXED
mozilla54
| | Tracking | Status |
|---|---|---|
| firefox54 | --- | fixed |
People
(Reporter: mayhemer, Assigned: mayhemer)
Details
Attachments
(1 file, 1 obsolete file)
2.59 KB, patch | mayhemer: review+
There are some potentially dangerous uses of how strings/dep-strings are constructed. Should be armed with release grade assertions.
Comment 1 • 8 years ago • Assignee
broom in front of my door-step :)
https://treeherder.mozilla.org/#/jobs?repo=try&revision=9943fdadf45b8c383e0b6c77b2278d71d36fccc2
Attachment #8838643 -
Flags: review?(nfroyd)
Comment 2 • 8 years ago • Assignee
Comment 3 • 8 years ago
Comment on attachment 8838643
v1
Review of attachment 8838643:
-----------------------------------------------------------------
r=me with the below changes. Thanks!
::: xpcom/ds/Tokenizer.cpp
@@ +568,5 @@
>
> + // This is not very likely to happen according to how we call this method
> + // and since it's on a hot path, it's just a diagnostic assert,
> + // not a release assert.
> + MOZ_DIAGNOSTIC_ASSERT(caret <= mEnd, "Overflow?");
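Review bot: the comment above MOZ_DIAGNOSTIC_ASSERT(caret <= mEnd, "Overflow?") justifies the weaker assert with "how we call this method" but does not name the caller-side invariant that keeps caret at or before mEnd. Since this check is, by its own comment, not a release assert, state that invariant in the comment so a later change to the callers does not silently leave this path without a release-grade check. The message "Overflow?" could also say which bound was exceeded, for example "caret past mEnd".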
For consistency's sake with the previous two asserts, it seems like it'd be better to test:
mEnd >= caret
which is the same thing, but more closely linked to the pointer subtraction you're actually doing, and it's the same test you've been doing prior to this point.
@@ +629,5 @@
> void
> TokenizerBase::Token::AssignFragment(nsACString::const_char_iterator begin,
> nsACString::const_char_iterator end)
> {
> + MOZ_RELEASE_ASSERT(begin <= end, "Overflow!");
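Review bot: the failure message "Overflow!" on MOZ_RELEASE_ASSERT(begin <= end, ...) in AssignFragment does not tell whoever reads the crash report which precondition failed, and it differs only by punctuation from the "Overflow?" used for the caret check. Suggest a message that names the condition, such as "AssignFragment: begin is past end", plus a one-line comment saying why this check is release-grade while the caret one is diagnostic-only.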
Same comment here.
Attachment #8838643 -
Flags: review?(nfroyd) → review+
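Why the assertions in this bug test the pointer order before a fragment is built, as an added C++ illustration that is not Mozilla's code: `UncheckedLength`, `FragmentLength`, `FragmentLengthOrCrash` and `RELEASE_CHECK` are hypothetical names, and the 32-bit unsigned length type is an assumption.

```cpp
// Added illustration, not mozilla::Tokenizer code. All names are hypothetical
// and the 32-bit unsigned length type is an assumption.
#include <cstdint>
#include <cstdio>
#include <cstdlib>

// Stand-in for a release-grade assertion: active in every build type,
// unlike assert(), which NDEBUG compiles out.
#define RELEASE_CHECK(cond, msg)                                 \
  do {                                                           \
    if (!(cond)) {                                               \
      std::fprintf(stderr, "release check failed: %s\n", msg);   \
      std::abort();                                              \
    }                                                            \
  } while (0)

// What an unguarded fragment constructor computes: the signed pointer
// difference becomes an unsigned length, so begin > end wraps to a huge value.
uint32_t UncheckedLength(const char* begin, const char* end) {
  return static_cast<uint32_t>(end - begin);
}

// The guard in a form a test can call: reports failure instead of aborting.
bool FragmentLength(const char* begin, const char* end, uint32_t* outLen) {
  if (!(end >= begin)) {
    return false;  // inverted range: *outLen is left untouched
  }
  *outLen = static_cast<uint32_t>(end - begin);
  return true;
}

// Production form: crash rather than hand out a view with a wrapped length.
uint32_t FragmentLengthOrCrash(const char* begin, const char* end) {
  uint32_t len = 0;
  RELEASE_CHECK(FragmentLength(begin, end, &len), "end >= begin");
  return len;
}

int main() {
  static const char buf[] = "token stream";  // constructed sample input
  const char* begin = buf + 5;
  const char* end = buf + 2;  // inverted range, as a caret bug could produce
  uint32_t len = 0;
  std::printf("unchecked length: %u\n", UncheckedLength(begin, end));
  std::printf("guard accepts: %d\n", FragmentLength(begin, end, &len));
  std::printf("valid length: %u\n", FragmentLengthOrCrash(buf, buf + 5));
  return 0;
}
```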
Comment 4 • 8 years ago • Assignee
Attachment #8838643 -
Attachment is obsolete: true
Attachment #8839937 -
Flags: review+
Updated • 8 years ago • Assignee
Keywords: checkin-needed
Pushed by ryanvm@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/ec3487e17b2f
Add some release-grade assertions to mozilla::Tokenizer to catch string overflows. r=froydnj
Keywords: checkin-needed
Comment 6 • 8 years ago
bugherder |
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla54