Closed Bug 1754803 Opened 2 years ago Closed 2 years ago

nsDataObj::BuildPlatformHTML will misbehave given ~1GB of data

Categories

(Core :: Widget: Win32, defect, P3)

Product:
Core
Component:
Widget: Win32
Platform:
Desktop
Windows
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
105 Branch
Tracking Flags:
Tracking Status
firefox105 --- fixed

People

(Reporter: rkraesig, Assigned: rkraesig)

References

Details

(Whiteboard: [win:stability])

Attachments

(1 file)

Bug 1754803 - expand size-field to 16 digits if 8 won't suffice r?handyman
48 bytes, text/x-phabricator-request
Details | Review

The Win32-specific function nsDataObj::BuildPlatformHTML expects that the printed size of its outgoing data will fit in eight characters. It will fail (via OOM) if we try to copy 1e9 bytes' worth of HTML.

At time of writing, this behavior can't actually be triggered; it's concealed by bug 1524237.

Severity: -- → S3
Depends on: 1524237
Priority: -- → P3
Summary: Win32 BuildPlatformHTML implementation will misbehave given ~1GB of data → nsDataObj::BuildPlatformHTML will misbehave given ~1GB of data
Whiteboard: [win:stability]

This code goes back to bug 69363. It's not clear why the format specifiers are of fixed (limited) width but the CF_HTML type doesn't seem to require it. We could try increasing them.

(In reply to David Parks [:handyman] from comment #1)

This code goes back to bug 69363. It's not clear why the format specifiers are of fixed (limited) width

It's because the data whose length is described by the value includes the representation of the value itself. If it's potentially variable-width, calculating what it needs to be gets hairier.

We could try increasing them.

I'm a bit leery of that — but only because it's been like this for 20+ years, and by now there are probably a lot of ill-maintained programs and scripts which expect 8-character fields out of us and will break if they get anything else. We can't help them for 1GB copies, but we could at least avoid breaking them for the usual case.

(In reply to Ray Kraesig [:rkraesig] from comment #2)

I'm a bit leery of that — but only because it's been like this for 20+ years, and by now there are probably a lot of ill-maintained programs and scripts which expect 8-character fields out of us and will break if they get anything else. We can't help them for 1GB copies, but we could at least avoid breaking them for the usual case.

Drive-by comment: "ill-maintained programs and scripts" alone should not be a reason to hold off on improving/enhancing our code. There may be other reasons to hold off here, but this particular one shouldn't be one.

... while retaining the existing 8-wide padding for backward
compatibility with existing consumers.

Assignee: nobody → rkraesig
Status: NEW → ASSIGNED
Pushed by rkraesig@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/dfdce7cc09a9
expand size-field to 16 digits if 8 won't suffice  r=handyman

https://hg.mozilla.org/mozilla-central/rev/dfdce7cc09a9

Status: ASSIGNED → RESOLVED
Closed: 2 years ago
status-firefox105: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 105 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: