Closed
Bug 1378971
Opened 8 years ago
Closed 4 years ago
Nascent undefined behavior in FromJSON_str_t()
Categories
(Core Graveyard :: Plug-ins, enhancement, P3)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: q1, Unassigned)
Details
(Keywords: csectype-undefined, sec-moderate)
FromJSON_str_t() (browser\extensions\mortar\host\rpc.h) invokes undefined behavior by obtaining an iterator into the std::string object |tokenValue|, modifying the object using std::string::erase() and std::string::replace(), then incrementing the iterator and using the result to retrieve characters from the object.
This usage violates C++11 s.21.4.1(6):
References, pointers, and iterators referring to the elements of a basic_string sequence may be invalidated by the following uses of that basic_string object: ...
— Calling non-const member functions, except operator[], at, front, back, begin, rbegin, end, and rend.
The bug appears to be nascent because it's in part of Project Mortar, which I believe has not yet been released.
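An added illustration of the invalidation rule quoted in the report, not code from Project Mortar or from the reporter: a hypothetical `unescape_in_place` keeps its position as an index across `replace()`, and a hypothetical `strip_char` takes the iterator returned by `erase()` instead of reusing the old one. The set of escapes handled is an assumption.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Hypothetical helper, not Mortar's FromJSON_str_t(). Decodes simple
// backslash escapes in place. The position is an index, not an iterator,
// so it stays meaningful after each mutating call.
// On failure the string may be left partially decoded.
bool unescape_in_place(std::string& s) {
    std::size_t i = 0;
    while (i < s.size()) {
        if (s[i] != '\\') { ++i; continue; }
        if (i + 1 >= s.size()) return false;   // dangling backslash
        char decoded;
        switch (s[i + 1]) {
            case 'n':  decoded = '\n'; break;
            case 't':  decoded = '\t'; break;
            case '"':  decoded = '"';  break;
            case '/':  decoded = '/';  break;
            case '\\': decoded = '\\'; break;
            default:   return false;           // escape outside the assumed set
        }
        // Non-const member call: every iterator obtained before this line
        // may be invalid afterwards (C++11 21.4.1/6).
        s.replace(i, 2, 1, decoded);
        ++i;  // step past the decoded char so an escaped backslash is not re-read
    }
    return true;
}

// Iterator form: erase() returns a fresh iterator to the element after the
// removed one; incrementing the old iterator would be undefined behavior.
std::string strip_char(std::string s, char c) {
    for (auto it = s.begin(); it != s.end(); ) {
        if (*it == c) it = s.erase(it);
        else ++it;
    }
    return s;
}

int main() {
    std::string sample = "a\\tb\\\\n";  // constructed input for the demo
    bool ok = unescape_in_place(sample);
    std::cout << ok << " len=" << sample.size() << "\n";
    std::cout << strip_char("a,b,,c", ',') << "\n";
    return ok ? 0 : 1;
}
```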
Comment 1•8 years ago
Can you take a look at this to start, ywu?
Component: Untriaged → Plug-ins
Flags: needinfo?(ywu)
Updated•8 years ago
Group: core-security → dom-core-security
Updated•8 years ago
Priority: -- → P3
Updated•8 years ago
Keywords: sec-moderate
Updated•8 years ago
Keywords: csectype-undefined
Comment 3•4 years ago
Resolving as won't fix, plugin support deprecated in Firefox 85.
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → WONTFIX
Updated•3 years ago
Product: Core → Core Graveyard
Updated•1 year ago
Group: dom-core-security