Closed
Bug 1406815
Opened 7 years ago
Closed 7 years ago
stylo: hard-assert more invariants in HashMap
Categories
(Core :: CSS Parsing and Computation, enhancement)
RESOLVED
FIXED
mozilla58
Release | Tracking | Status |
---|---|---|
firefox-esr52 | --- | unaffected |
firefox56 | --- | disabled |
firefox57 | --- | wontfix |
firefox58 | --- | fixed |
People
(Reporter: bholley, Assigned: bholley)
References
(Blocks 1 open bug)
Details
(Keywords: sec-other, Whiteboard: [adv-main58-][post-critsmash-triage])
Attachments
(2 files)
17.45 KB, patch | manishearth: review+
1.57 KB, text/x-patch
I'm still hoping to catch something interesting with the canaries in bug 1406220. However, while it's still a bit too soon to say, we have some partial indicators that we're crashing on non-poison-valued garbage addresses even after bug 1405879.
Having also ruled out external corruption of our buffer via bug 1403397, the only remaining explanation I can think of is that we're somehow accessing memory outside of our buffer. We should be able to detect this with some hard-asserts around RawBucket.
Comment 1 (Assignee) • 7 years ago
Comment 2 (Assignee) • 7 years ago
MozReview-Commit-ID: H8jKywUewcZ
Attachment #8916459 - Flags: review?(manishearth)
Updated • 7 years ago
Attachment #8916459 - Flags: review?(manishearth) → review+
Comment 3 (Assignee) • 7 years ago
Had to add a few fixes for orange found on try. At least the asserts are thorough. :-)
Attachment #8916494 - Flags: review?(manishearth)
Comment 4 (Assignee) • 7 years ago
Comment 5 (Assignee) • 7 years ago
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Updated (Assignee) • 7 years ago
Blocks: stylo-hashmap-crashes
Updated • 7 years ago
Group: core-security → core-security-release
Updated • 7 years ago
status-firefox56: --- → disabled
status-firefox57: --- → wontfix
status-firefox58: --- → fixed
status-firefox-esr52: --- → unaffected
Target Milestone: --- → mozilla58
Updated • 7 years ago
Attachment #8916494 - Flags: review?(manishearth)
Updated • 7 years ago
Whiteboard: [adv-main57-]
Updated • 7 years ago
Whiteboard: [adv-main57-] → [adv-main58-]
Updated • 7 years ago
Flags: qe-verify-
Whiteboard: [adv-main58-] → [adv-main58-][post-critsmash-triage]
Updated • 6 years ago
Group: core-security-release