Closed Bug 1894826 Opened 15 days ago Closed 15 days ago

unsafe precondition(s) violated: slice::from_raw_parts requires the pointer to be aligned and non-null, and the total size of the slice not to exceed `isize::MAX` [@ core::slice::raw::from_raw_parts::precondition_check]

Categories

(Core :: Security: PSM, defect)

Tracking

RESOLVED FIXED
127 Branch
Tracking Status
firefox127 --- fixed

People

(Reporter: glandium, Assigned: glandium)

Attachments

(1 file)

[task 2024-05-02T20:43:20.363Z] 20:43:20     INFO - 11  libxul.so!core::panicking::panic_nounwind [panicking.rs:9b00956e56009bab2aa15d7bff10916599e3d6d6 : 156 + 0x13]
[task 2024-05-02T20:43:20.363Z] 20:43:20     INFO -      rbx = 0x00007ffd9571fc01    rbp = 0x00007ffd9571fbe0
[task 2024-05-02T20:43:20.364Z] 20:43:20     INFO -      rsp = 0x00007ffd9571fb60    r12 = 0x00007efd95dcd630
[task 2024-05-02T20:43:20.364Z] 20:43:20     INFO -      r13 = 0x0000000000000005    r14 = 0x00007efd7da2ffe4
[task 2024-05-02T20:43:20.364Z] 20:43:20     INFO -      r15 = 0x7fffffffffffffff    rip = 0x00007efd956e5629
[task 2024-05-02T20:43:20.364Z] 20:43:20     INFO -     Found by: call frame info
[task 2024-05-02T20:43:20.364Z] 20:43:20     INFO - 12  libxul.so!core::slice::raw::from_raw_parts::precondition_check [intrinsics.rs:9b00956e56009bab2aa15d7bff10916599e3d6d6 : 2799]
[task 2024-05-02T20:43:20.364Z] 20:43:20     INFO -     Found by: inlining
[task 2024-05-02T20:43:20.364Z] 20:43:20     INFO - 13  libxul.so!core::slice::raw::from_raw_parts [raw.rs:9b00956e56009bab2aa15d7bff10916599e3d6d6 : 98]
[task 2024-05-02T20:43:20.364Z] 20:43:20     INFO -     Found by: inlining
[task 2024-05-02T20:43:20.364Z] 20:43:20     INFO - 14  libxul.so!crypto_hash::CryptoHash::update [lib.rs:65cc80a2a1dfe70d0e2dcfca27c971a77693d37b : 108]
[task 2024-05-02T20:43:20.364Z] 20:43:20     INFO -     Found by: inlining
[task 2024-05-02T20:43:20.364Z] 20:43:20     INFO - 15  libxul.so!crypto_hash::CryptoHash::Update [method.rs:65cc80a2a1dfe70d0e2dcfca27c971a77693d37b : 202]
[task 2024-05-02T20:43:20.364Z] 20:43:20     INFO -     Found by: inlining
[task 2024-05-02T20:43:20.364Z] 20:43:20     INFO - 16  libxul.so!crypto_hash::CryptoHash::allocate::Update [lib.rs:65cc80a2a1dfe70d0e2dcfca27c971a77693d37b : 66 + 0x97]
[task 2024-05-02T20:43:20.365Z] 20:43:20     INFO -      rbx = 0x00007ffd9571fc01    rbp = 0x00007ffd9571fbe0
[task 2024-05-02T20:43:20.365Z] 20:43:20     INFO -      rsp = 0x00007ffd9571fbb0    r12 = 0x00007efd95dcd630
[task 2024-05-02T20:43:20.365Z] 20:43:20     INFO -      r13 = 0x0000000000000005    r14 = 0x00007efd7da2ffe4
[task 2024-05-02T20:43:20.365Z] 20:43:20     INFO -      r15 = 0x7fffffffffffffff    rip = 0x00007efd94f5d851
[task 2024-05-02T20:43:20.366Z] 20:43:20     INFO -     Found by: call frame info
[task 2024-05-02T20:43:20.366Z] 20:43:20     INFO - 17  libxul.so!NS_InvokeByIndex + 0x8d
[task 2024-05-02T20:43:20.366Z] 20:43:20     INFO -      rbx = 0x00007ffd9571fc88    rbp = 0x00007ffd9571fc10
[task 2024-05-02T20:43:20.366Z] 20:43:20     INFO -      rsp = 0x00007ffd9571fbf0    r12 = 0x00007efd7da2ffd0
[task 2024-05-02T20:43:20.366Z] 20:43:20     INFO -      r13 = 0x0000000000000005    r14 = 0x0000000000000001
[task 2024-05-02T20:43:20.366Z] 20:43:20     INFO -      r15 = 0x0000000000000002    rip = 0x00007efd8c9fb936
[task 2024-05-02T20:43:20.366Z] 20:43:20     INFO -     Found by: call frame info
[task 2024-05-02T20:43:20.366Z] 20:43:20     INFO - 18  libxul.so!CallMethodHelper::Invoke() [XPCWrappedNative.cpp:65cc80a2a1dfe70d0e2dcfca27c971a77693d37b : 1621]
[task 2024-05-02T20:43:20.366Z] 20:43:20     INFO -     Found by: inlining

slice::from_raw_parts doesn't like that it's given a null pointer, even
when the length is 0. Sure enough, we do end up calling update with an
empty string, and that ends up being a nullptr and a 0 length.

Since the digest update is not going to do anything anyways, just skip
it entirely. We keep the digest initialization check, though.

Assignee: nobody → mh+mozilla
Status: NEW → ASSIGNED
Pushed by mh@glandium.org:
https://hg.mozilla.org/integration/autoland/rev/6331b11ff4ea
Don't update digest when given string is empty. r=jschanck
Status: ASSIGNED → RESOLVED
Closed: 15 days ago
Resolution: --- → FIXED
Target Milestone: --- → 127 Branch
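
The guard described in this bug, as an added Rust example (it is not the Firefox crypto_hash code or the landed patch): an FFI-style update that returns early on zero-length input, so `slice::from_raw_parts` never sees the null pointer, while the initialization check still runs. `ToyDigest`, `DigestError` and `update_raw` are hypothetical names, and FNV-1a is a non-cryptographic stand-in for the real hash.

```rust
use std::slice;

#[derive(Debug, PartialEq)]
pub enum DigestError { NotInitialized, NullWithLength }

/// Toy digest (FNV-1a, not cryptographic) standing in for a real hash context.
pub struct ToyDigest { state: Option<u64> } // None until init() is called

impl ToyDigest {
    pub fn new() -> Self { ToyDigest { state: None } }
    pub fn init(&mut self) { self.state = Some(0xcbf2_9ce4_8422_2325); }
    pub fn value(&self) -> Option<u64> { self.state }

    /// FFI-style update. An empty caller-side string may arrive as (null, 0).
    ///
    /// # Safety
    /// When `len > 0`, `data` must point to `len` readable bytes.
    pub unsafe fn update_raw(&mut self, data: *const u8, len: usize) -> Result<(), DigestError> {
        // The initialization check still runs for empty input.
        let state = self.state.as_mut().ok_or(DigestError::NotInitialized)?;
        if len == 0 {
            // Nothing to hash: return before a slice is built from a pointer
            // that may be null.
            return Ok(());
        }
        if data.is_null() {
            return Err(DigestError::NullWithLength);
        }
        // SAFETY: non-null checked above, u8 has alignment 1, and the caller
        // guarantees `len` readable bytes.
        let bytes = unsafe { slice::from_raw_parts(data, len) };
        for b in bytes {
            *state = (*state ^ u64::from(*b)).wrapping_mul(0x0000_0100_0000_01b3);
        }
        Ok(())
    }
}

fn main() {
    let mut d = ToyDigest::new();
    d.init();
    // Constructed input: the (null, 0) pair from the bug, then real data.
    unsafe {
        assert_eq!(d.update_raw(std::ptr::null(), 0), Ok(()));
        assert_eq!(d.update_raw(b"abc".as_ptr(), 3), Ok(()));
    }
    println!("digest = {:016x}", d.value().unwrap());
}
```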