Closed Bug 1684123 Opened 5 months ago Closed 4 months ago

No good way to get typed array data that is stable under GC

Categories

(Core :: JavaScript: GC, enhancement)

enhancement

Tracking

()

RESOLVED FIXED
86 Branch
Tracking Status
firefox-esr78 85+ fixed
firefox84 --- wontfix
firefox85 + fixed
firefox86 + fixed

People

(Reporter: sfink, Assigned: sfink)

References

Details

(Keywords: sec-other, Whiteboard: [adv-main85-][adv-esr78.7-])

Attachments

(1 file)

For some rooting hazards, I need a way to access typed array data and be guaranteed that it won't move during a GC. This bug is for adding such a facility.

This bug itself is an enhancement and is not security sensitive, but it could reveal that we are not doing this safely right now.

Assignee: nobody → sphink
Status: NEW → ASSIGNED
Keywords: sec-other
Group: core-security → javascript-core-security

Backed out bug 1684123 and bug 1682068 for build bustage:

https://hg.mozilla.org/integration/autoland/rev/d59ed2dfcc645c959387d56ce9f04a892ee0110c

Push with failures: https://treeherder.mozilla.org/jobs?repo=autoland&group_state=expanded&selectedTaskRun=K8rJjbIXQ5-04X5gzzk_7g.0&resultStatus=testfailed%2Cbusted%2Cexception%2Cretry%2Cusercancel%2Crunnable&revision=e6df68a131a394198f98d63993de6954989eaec2
Failure log: https://treeherder.mozilla.org/logviewer?job_id=326612322&repo=autoland

[task 2021-01-13T18:25:55.982Z] 18:25:55 INFO - In file included from Unified_cpp_dom_canvas0.cpp:92:
[task 2021-01-13T18:25:55.982Z] 18:25:55 ERROR - /builds/worker/checkouts/gecko/dom/canvas/ImageBitmap.cpp:895:9: error: no member named 'Reset' in 'mozilla::dom::RootedSpiderMonkeyInterface<mozilla::dom::TypedArray<unsigned char, &js::UnwrapUint8ClampedArray, &JS_GetUint8ClampedArrayData, &js::GetUint8ClampedArrayLengthAndData, &JS_NewUint8ClampedArray>>'
[task 2021-01-13T18:25:55.982Z] 18:25:55 INFO - array.Reset();
[task 2021-01-13T18:25:55.982Z] 18:25:55 INFO - ~~~~~ ^
[task 2021-01-13T18:25:55.982Z] 18:25:55 INFO - 1 error generated.

Flags: needinfo?(sphink)
Group: javascript-core-security → core-security-release
Status: ASSIGNED → RESOLVED
Closed: 4 months ago
Flags: needinfo?(sphink)
Resolution: --- → FIXED
Target Milestone: --- → 86 Branch

Comment on attachment 9194614 [details]
Bug 1684123 - Implement GetArrayBufferViewFixedData and dom::TypedArray_base::FixedData().

Approved for 85.0b9 and 78.7esr.

Attachment #9194614 - Flags: approval-mozilla-esr78+
Attachment #9194614 - Flags: approval-mozilla-beta+
QA Whiteboard: [post-critsmash-triage]
Flags: qe-verify-
Whiteboard: [adv-main85-]
Whiteboard: [adv-main85-] → [adv-main85-][adv-esr78.7-]
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.