Closed Bug 1363431 Opened 8 years ago Closed 8 years ago

wasm: Check maximum size of br_table

Categories

(Core :: JavaScript Engine: JIT, defect)

Product:
Core
Component:
JavaScript Engine: JIT
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla55
Tracking Flags:
Tracking Status
firefox53 --- wontfix
firefox54 --- fixed
firefox55 --- fixed

People

(Reporter: bbouvier, Assigned: bbouvier)

References

Details

Attachments

(1 file)

Bug 1363431: wasm: Check for maximum br_table size;
59 bytes, text/x-review-board-request
luke
: review+
gchang
: approval-mozilla-aurora-
gchang
: approval-mozilla-beta+
Details
This somehow disappeared recently and :decoder found it during fuzzing. Let's fix it. I need to check whether it should be uplifted as well.
Blocks: wasm
Comment on attachment 8865922 [details] Bug 1363431: wasm: Check for maximum br_table size; https://reviewboard.mozilla.org/r/137512/#review141104 Weird; I wonder where it went?
Attachment #8865922 - Flags: review?(luke) → review+
Pushed by bbouvier@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/eb5cc2b22ef0 wasm: Check for maximum br_table size; r=luke
Comment on attachment 8865922 [details] Bug 1363431: wasm: Check for maximum br_table size; Approval Request Comment [Feature/Bug causing the regression]: wasm (?) [User impact if declined]: error reporting issue in the best case, browser DOS in the worst case (triggers a very long memory allocation that can exhaust memory, eventually causing a crash) [Is this code covered by automated tests?]: no [Has the fix been verified in Nightly?]: yes [Needs manual test from QE? If yes, steps to reproduce]: no [List of other uplifts needed for the feature/fix]: none [Is the change risky?]: no [Why is the change risky/not risky?]: more conservative + 2 lines fix [String changes made/needed]: none
Attachment #8865922 - Flags: approval-mozilla-beta?
Attachment #8865922 - Flags: approval-mozilla-aurora?
https://hg.mozilla.org/mozilla-central/rev/eb5cc2b22ef0
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
status-firefox55: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla55
(forgot to press enter when i set the status flags yesterday -- all versions are affected up to release)
status-firefox53: --- → affected
Comment on attachment 8865922 [details] Bug 1363431: wasm: Check for maximum br_table size; Fix a wasm issue. Beta54+. Should be in 54 beta 8.
Attachment #8865922 - Flags: approval-mozilla-beta?
Attachment #8865922 - Flags: approval-mozilla-beta+
Attachment #8865922 - Flags: approval-mozilla-aurora?
Attachment #8865922 - Flags: approval-mozilla-aurora-
(In reply to Benjamin Bouvier [:bbouvier] from comment #4) > [Is this code covered by automated tests?]: no > [Has the fix been verified in Nightly?]: yes > [Needs manual test from QE? If yes, steps to reproduce]: no Setting qe-verify- based on Benjamin's assessment on manual testing needs.
Flags: qe-verify-
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: