Closed Bug 1486711 Opened Last year Closed Last year

Fill logically uninitialized parts of the string's buffer with a marker byte in debug builds

Categories: Core :: String, defect
Status: RESOLVED FIXED
Target Milestone: mozilla64
Tracking Status: firefox64 --- fixed
People: Reporter: hsivonen, Assigned: hsivonen
Attachments: 1 file

(Using post- bug 1482828 method names.)

In order to detect bogus reads in debug builds, StartBulkWriteImpl() and FinishBulkWriteImpl() should fill logically uninitialized parts of the buffer with 0xA5 (and, if applicable, tell Valgrind and MemorySanitizer to mark these memory ranges as uninitialized in the shadow memory).

If aNewSuffixStart is zero, StartBulkWriteImpl() should overwrite from index aPrefixToPreserve up to and including index newCapacity (after the memcpy/memmove operations).

If aNewSuffixStart is not zero, StartBulkWriteImpl() should overwrite from index aPrefixToPreserve up to but not including aNewSuffixStart and from aNewSuffixStart + aSuffixLength up to and including newCapacity (after the memcpy/memmove operations).

FinishBulkWriteImpl() should overwrite from index aLength up to and including index Capacity().

From https://github.com/llvm-mirror/compiler-rt/blob/master/include/sanitizer/msan_interface.h :

  /* Make memory region fully uninitialized (without changing its contents).
     This is a legacy interface that does not update origin information. Use
     __msan_allocated_memory() instead. */
  void __msan_poison(const volatile void *a, size_t size);

  /* Tell MSan about newly allocated memory (ex.: custom allocator).
     Memory will be marked uninitialized, with origin at the call site. */
  void __msan_allocated_memory(const volatile void* data, size_t size);
Blocks: 1487341
Assignee: nobody → hsivonen
Status: NEW → ASSIGNED
(In reply to Henri Sivonen (:hsivonen) from comment #0)
> If aNewSuffixStart is zero

Checking the suffix length makes more sense when deciding if there's a suffix.
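The marker-filling ranges from comment #0, with the reply's suffix-length check, as an added C++ model that is not the patch's own nsTSubstring code: a toy byte-unit buffer, the 0xA5 marker from comment #0, and the quoted __msan_allocated_memory() hook compiled in only under MemorySanitizer. Buffer, MakeBuffer, Poison and the Mark* functions are hypothetical names, and writing the terminator after the fill in the finish step is this model's assumption.

```cpp
#include <cstdint>
#include <cstring>
#include <vector>
#if defined(__has_feature)
#  if __has_feature(memory_sanitizer)
#    include <sanitizer/msan_interface.h>
#    define MODEL_HAS_MSAN 1
#  endif
#endif
constexpr uint8_t kUninitMarker = 0xA5;  // marker byte proposed in comment #0
// Toy byte-unit buffer (not nsTSubstring): capacity + 1 units, the last one the terminator slot.
struct Buffer {
  std::vector<uint8_t> data;
  size_t length = 0;
  size_t capacity() const { return data.size() - 1; }
  // Units carrying the marker: what a bogus read of unused space would return.
  size_t markers() const { size_t n = 0; for (uint8_t u : data) n += (u == kUninitMarker); return n; }
};
// Constructed helper: unused units start zeroed so they are distinguishable from the marker.
Buffer MakeBuffer(size_t capacity, const char* initial) {
  Buffer buf;
  buf.data.assign(capacity + 1, 0);
  buf.length = std::strlen(initial);
  std::memcpy(buf.data.data(), initial, buf.length);
  return buf;
}
// Fill [begin, endInclusive] with the marker; under MSan also mark the range uninitialized in
// shadow memory via the quoted __msan_allocated_memory(). Inverted or out-of-range: no-op.
void Poison(Buffer& buf, size_t begin, size_t endInclusive) {
  if (begin > endInclusive || endInclusive >= buf.data.size()) return;
  size_t n = endInclusive - begin + 1;
  std::memset(buf.data.data() + begin, kUninitMarker, n);
#ifdef MODEL_HAS_MSAN
  __msan_allocated_memory(buf.data.data() + begin, n);
#endif
}
// StartBulkWriteImpl() ranges from comment #0, deciding "is there a suffix" by
// aSuffixLength as the reply suggests. Runs after the prefix/suffix memcpy/memmove.
void MarkAfterStartBulkWrite(Buffer& buf, size_t aPrefixToPreserve,
                             size_t aNewSuffixStart, size_t aSuffixLength) {
  size_t newCapacity = buf.capacity();
  if (aSuffixLength == 0) { Poison(buf, aPrefixToPreserve, newCapacity); return; }
  if (aNewSuffixStart > 0) Poison(buf, aPrefixToPreserve, aNewSuffixStart - 1);
  Poison(buf, aNewSuffixStart + aSuffixLength, newCapacity);
}
// FinishBulkWriteImpl(): [aLength, Capacity()] is unused from now on; writing
// the terminator at aLength afterwards is this model's assumption.
void MarkAfterFinishBulkWrite(Buffer& buf, size_t aLength) {
  Poison(buf, aLength, buf.capacity());
  buf.data[aLength] = 0;
  buf.length = aLength;
}
```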
Summary: Fill logically uninitialized parts of the strings buffer with a marker byte in debug builds → Fill logically uninitialized parts of the string's buffer with a marker byte in debug builds
Attachment #9005143 - Attachment description: Bug 1486711 - Fill logically uninitialized parts of an XPCOM string'ss buffer with a marker byte in debug builds. → Bug 1486711 - Fill logically uninitialized parts of an XPCOM string's buffer with a marker byte in debug builds.
Comment on attachment 9005143 [details]
Bug 1486711 - Fill logically uninitialized parts of an XPCOM string's buffer with a marker byte in debug builds.

Nathan Froyd [:froydnj] has approved the revision.
Attachment #9005143 - Flags: review+
Pushed by hsivonen@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/6b4b2b7324d9
Fill logically uninitialized parts of an XPCOM string's buffer with a marker byte in debug builds. r=froydnj
https://hg.mozilla.org/mozilla-central/rev/6b4b2b7324d9
Status: ASSIGNED → RESOLVED
Closed: Last year
Resolution: --- → FIXED
Target Milestone: --- → mozilla64
See Also: → 1490972