Remove PlainOldDataSerializer
Categories
(Core :: IPC, task, P1)
People
(Reporter: jgilbert, Assigned: jgilbert)
Attachments
(1 file, 1 obsolete file)
48 bytes, text/x-phabricator-request; RyanVM: approval-mozilla-esr128+
It's not sound, and especially with ParamTraits_TiedFields, there are nearly-as-easy solutions that are actually sound.
Assignee
Comment 1•1 year ago
There's no sufficiently robust way to identify POD types in C++, such
that we could rely on this kind of thing for serialization.
As one example, bool must be carefully handled on deserialize, in case
an attacker wants to exploit the UB of bool with value 2.
Additionally, generally it's not viable to tell whether all the members
of a struct are PODs as well, and we need that level of assurance
recursively!
So we instead lean on e.g. ParamTraits_TiedFields/_IsEnumCase for our
extreme robustness requirements.
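An added example, not code from this bug or from Mozilla's tree: a field-by-field deserializer of the kind the commit message above argues for. It reads each field as a raw integer and rejects a bool byte other than 0 or 1, or an unknown enum value, before converting. The names Reader, Mode, Msg and ReadMsg are hypothetical and are not the ParamTraits_TiedFields API.

```cpp
// Illustration only: Reader, Mode, Msg and ReadMsg are hypothetical names.
#include <cstddef>
#include <cstdint>
#include <cstring>

enum class Mode : uint8_t { Off = 0, On = 1, Auto = 2 };

struct Msg {
  bool enabled;
  Mode mode;
  uint32_t count;
};

// Bounds-checked cursor over untrusted bytes.
struct Reader {
  const uint8_t* p;
  size_t left;
  bool ReadBytes(void* out, size_t n) {
    if (n > left) return false;  // truncated input
    std::memcpy(out, p, n);
    p += n;
    left -= n;
    return true;
  }
};

// Each field is read as a plain integer and validated before it is
// converted to its real type; nothing is memcpy'd straight into Msg.
bool ReadMsg(const uint8_t* data, size_t len, Msg* out) {
  Reader r{data, len};
  uint8_t rawBool = 0, rawMode = 0;
  uint32_t count = 0;
  if (!r.ReadBytes(&rawBool, 1) || !r.ReadBytes(&rawMode, 1) ||
      !r.ReadBytes(&count, sizeof(count)) || r.left != 0) {
    return false;  // short read or trailing bytes
  }
  if (rawBool > 1) return false;  // a bool object must only ever hold 0 or 1
  if (rawMode > static_cast<uint8_t>(Mode::Auto)) return false;  // unknown enum case
  out->enabled = (rawBool == 1);
  out->mode = static_cast<Mode>(rawMode);
  out->count = count;
  return true;
}
```

Copying the same six bytes directly over a `Msg` would skip both range checks, and struct padding would also make the wire layout differ from the in-memory layout.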
Assignee
Comment 2•1 year ago
Updated•1 year ago
Comment 4•1 year ago
bugherder
Assignee
Updated•1 year ago
Comment 5•1 year ago
Comment on attachment 9414501 [details]
Bug 1885245 - Remove PlainOldDataSerializer.
Carrying over the approval requests from bug 1909019...
ESR Uplift Approval Request
- If this is not a sec:{high,crit} bug, please state case for ESR consideration: Harder to backport fixes to ESR, and losing out on some defense-in-depth
- User impact if declined:
- Fix Landed on Version: 130
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): It's on Beta now with no known regressions.
Comment 6•1 year ago
Comment on attachment 9414501 [details]
Bug 1885245 - Remove PlainOldDataSerializer.
Approved for 128.2esr.
Updated•1 year ago