Move ToDouble back to nsTString
Categories
(Core :: XPCOM, defect)
Tracking
()
Tracking | Status | |
---|---|---|
firefox-esr91 | --- | unaffected |
firefox101 | --- | unaffected |
firefox102 | + | fixed |
firefox103 | + | fixed |
People
(Reporter: nika, Assigned: nika)
References
(Regression)
Details
(Keywords: regression, sec-other)
Attachments
(1 file)
48 bytes,
text/x-phabricator-request
|
pascalc
:
approval-mozilla-beta+
|
Details | Review |
In bug 1768418, we move ToDouble
to nsTStringRepr
, however I missed in review that it uses PR_strtod
which doesn't take a string length and could overrun when used on a non-null-terminated string.
We should move the method back to nsTString
to avoid this issue for now. I have some local changes which could allow it to be implemented on nsTStringRepr
again, but they're significant enough that we probably can't safely uplift.
Updated•2 years ago
|
Updated•2 years ago
|
Assignee | ||
Comment 1•2 years ago
|
||
This is probably not an active security issue, as there appear to be no new callers introduced since bug 1768418 which call the method on a substring (the build completed successfully with no changes to code outside of nsstring
after moving it back). We should probably uplift the fix though to protect future uplifts.
Assignee | ||
Comment 2•2 years ago
|
||
Assignee | ||
Comment 3•2 years ago
|
||
Comment on attachment 9279143 [details]
Bug 1772171 - Move ToDouble back to nsTString, r=#xpcom-reviewers
Beta/Release Uplift Approval Request
- User impact if declined: Future uplifts may introduce a sec issue if they call
ToDouble
on a non-nsCString
string.
There should be no impact on existing code. - Is this code covered by automated tests?: No
- Has the fix been verified in Nightly?: Yes
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): Small change to revert an API change. Should have no actual behaviour change and is just for guarding against regressions caused by future uplifts.
- String changes made/needed: None
- Is Android affected?: Yes
Comment 4•2 years ago
|
||
Move ToDouble back to nsTString, r=xpcom-reviewers,mccr8
https://hg.mozilla.org/integration/autoland/rev/0ca2d284919ed425bedc5ccd760e6d635e470a7f
https://hg.mozilla.org/mozilla-central/rev/0ca2d284919e
Updated•2 years ago
|
Updated•2 years ago
|
Comment 5•2 years ago
|
||
Comment on attachment 9279143 [details]
Bug 1772171 - Move ToDouble back to nsTString, r=#xpcom-reviewers
Approved for 102 beta 5, thanks.
Comment 6•2 years ago
|
||
uplift |
Updated•2 years ago
|
Updated•1 year ago
|
Description
•