ns[C]String::SetLength should abort if it fails

RESOLVED WONTFIX

Status

()

RESOLVED WONTFIX
17 years ago
13 years ago

People

(Reporter: waterson, Assigned: jag-mozilla)

Tracking

Trunk
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

17 years ago
I've noticed a few places where we could end up with buffer-overruns if
SetLength() failed. People do stuff like this:

  nsAutoString buffer;
  buffer.SetLength(/* some number from someplace */);
  char *p = buffer.get();

  while (/* less than the number above */) {
    /* start splatting bits into p */;
  }

Realistically, this is probably _not_ a problem (*nix malloc will bring the
system down before returning a null pointer), but we might as well have our belt
and suspenders in place.
(Reporter)

Comment 1

17 years ago
(Probably any other string functions that try to grow the buffer ought to abort
the app on failure, too.)

Comment 2

13 years ago
I think this is a bad idea.  Web content can sometimes affect the size passed to a call to SetLength.  Since that could be used to trigger an out-of-memory error, we wouldn't want web content to kill the browser.  Instead, I think that SetLength should return a boolean and we should teach our code that uses BeginWriting to check for that error before writing to the returned memory address.

NOTE: All other string mutations done inside the string library handle OOM conditions somewhat gracefully.  They keep the string unmodified so that it is in a consistent state at least.

There's already another bug on file about fixing SetLength (see bug 284219), so I'm going to close this bug as WONTFIX.
Status: NEW → RESOLVED
Last Resolved: 13 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.