Closed
Bug 1894826
Opened 15 days ago
Closed 15 days ago
unsafe precondition(s) violated: slice::from_raw_parts requires the pointer to be aligned and non-null, and the total size of the slice not to exceed `isize::MAX` [@ core::slice::raw::from_raw_parts::precondition_check]
Categories
(Core :: Security: PSM, defect)
Tracking
RESOLVED
FIXED
127 Branch
| | Tracking | Status |
|---|---|---|
| firefox127 | --- | fixed |
People
(Reporter: glandium, Assigned: glandium)
Attachments
(1 file)
[task 2024-05-02T20:43:20.363Z] 20:43:20 INFO - 11 libxul.so!core::panicking::panic_nounwind [panicking.rs:9b00956e56009bab2aa15d7bff10916599e3d6d6 : 156 + 0x13]
[task 2024-05-02T20:43:20.363Z] 20:43:20 INFO - rbx = 0x00007ffd9571fc01 rbp = 0x00007ffd9571fbe0
[task 2024-05-02T20:43:20.364Z] 20:43:20 INFO - rsp = 0x00007ffd9571fb60 r12 = 0x00007efd95dcd630
[task 2024-05-02T20:43:20.364Z] 20:43:20 INFO - r13 = 0x0000000000000005 r14 = 0x00007efd7da2ffe4
[task 2024-05-02T20:43:20.364Z] 20:43:20 INFO - r15 = 0x7fffffffffffffff rip = 0x00007efd956e5629
[task 2024-05-02T20:43:20.364Z] 20:43:20 INFO - Found by: call frame info
[task 2024-05-02T20:43:20.364Z] 20:43:20 INFO - 12 libxul.so!core::slice::raw::from_raw_parts::precondition_check [intrinsics.rs:9b00956e56009bab2aa15d7bff10916599e3d6d6 : 2799]
[task 2024-05-02T20:43:20.364Z] 20:43:20 INFO - Found by: inlining
[task 2024-05-02T20:43:20.364Z] 20:43:20 INFO - 13 libxul.so!core::slice::raw::from_raw_parts [raw.rs:9b00956e56009bab2aa15d7bff10916599e3d6d6 : 98]
[task 2024-05-02T20:43:20.364Z] 20:43:20 INFO - Found by: inlining
[task 2024-05-02T20:43:20.364Z] 20:43:20 INFO - 14 libxul.so!crypto_hash::CryptoHash::update [lib.rs:65cc80a2a1dfe70d0e2dcfca27c971a77693d37b : 108]
[task 2024-05-02T20:43:20.364Z] 20:43:20 INFO - Found by: inlining
[task 2024-05-02T20:43:20.364Z] 20:43:20 INFO - 15 libxul.so!crypto_hash::CryptoHash::Update [method.rs:65cc80a2a1dfe70d0e2dcfca27c971a77693d37b : 202]
[task 2024-05-02T20:43:20.364Z] 20:43:20 INFO - Found by: inlining
[task 2024-05-02T20:43:20.364Z] 20:43:20 INFO - 16 libxul.so!crypto_hash::CryptoHash::allocate::Update [lib.rs:65cc80a2a1dfe70d0e2dcfca27c971a77693d37b : 66 + 0x97]
[task 2024-05-02T20:43:20.365Z] 20:43:20 INFO - rbx = 0x00007ffd9571fc01 rbp = 0x00007ffd9571fbe0
[task 2024-05-02T20:43:20.365Z] 20:43:20 INFO - rsp = 0x00007ffd9571fbb0 r12 = 0x00007efd95dcd630
[task 2024-05-02T20:43:20.365Z] 20:43:20 INFO - r13 = 0x0000000000000005 r14 = 0x00007efd7da2ffe4
[task 2024-05-02T20:43:20.365Z] 20:43:20 INFO - r15 = 0x7fffffffffffffff rip = 0x00007efd94f5d851
[task 2024-05-02T20:43:20.366Z] 20:43:20 INFO - Found by: call frame info
[task 2024-05-02T20:43:20.366Z] 20:43:20 INFO - 17 libxul.so!NS_InvokeByIndex + 0x8d
[task 2024-05-02T20:43:20.366Z] 20:43:20 INFO - rbx = 0x00007ffd9571fc88 rbp = 0x00007ffd9571fc10
[task 2024-05-02T20:43:20.366Z] 20:43:20 INFO - rsp = 0x00007ffd9571fbf0 r12 = 0x00007efd7da2ffd0
[task 2024-05-02T20:43:20.366Z] 20:43:20 INFO - r13 = 0x0000000000000005 r14 = 0x0000000000000001
[task 2024-05-02T20:43:20.366Z] 20:43:20 INFO - r15 = 0x0000000000000002 rip = 0x00007efd8c9fb936
[task 2024-05-02T20:43:20.366Z] 20:43:20 INFO - Found by: call frame info
[task 2024-05-02T20:43:20.366Z] 20:43:20 INFO - 18 libxul.so!CallMethodHelper::Invoke() [XPCWrappedNative.cpp:65cc80a2a1dfe70d0e2dcfca27c971a77693d37b : 1621]
[task 2024-05-02T20:43:20.366Z] 20:43:20 INFO - Found by: inlining
Assignee
Comment 1•15 days ago
slice::from_raw_parts doesn't like that it's given a null pointer, even
when the length is 0. Sure enough, we do end up calling update with an
empty string, and that ends up being a nullptr and a 0 length.
Since the digest update is not going to do anything anyways, just skip
it entirely. We keep the digest initialization check, though.
Updated•15 days ago
Assignee: nobody → mh+mozilla
Status: NEW → ASSIGNED
Pushed by mh@glandium.org:
https://hg.mozilla.org/integration/autoland/rev/6331b11ff4ea
Don't update digest when given string is empty. r=jschanck
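The guard described in comment 1, as an added Rust example that is neither the patch that landed nor the crypto_hash crate's code: `ToyDigest`, `UpdateError` and `update_raw` are hypothetical names, and FNV-1a stands in for the real digest. It checks initialization first, then returns early on a zero length so a (null, 0) pair never reaches `slice::from_raw_parts`.

```rust
// Added example with hypothetical names; not the crypto_hash crate's code.
use std::slice;

#[derive(Debug, PartialEq)]
pub enum UpdateError {
    NotInitialized,
    NullWithLength,
}

/// Stand-in digest context. FNV-1a replaces the real hash (an assumption)
/// so the example runs without NSS. `state` is None until init() is called.
#[derive(Default)]
pub struct ToyDigest {
    pub state: Option<u64>,
}

impl ToyDigest {
    pub fn init(&mut self) {
        self.state = Some(0xcbf29ce484222325);
    }

    /// Models an entry point handed (pointer, length) by a C++ caller,
    /// where an empty string can arrive as (null, 0).
    pub fn update_raw(&mut self, ptr: *const u8, len: usize) -> Result<(), UpdateError> {
        // The initialization check stays first, as the fix keeps it.
        let state = self.state.as_mut().ok_or(UpdateError::NotInitialized)?;
        if len == 0 {
            return Ok(()); // nothing to hash; ptr is never passed on
        }
        if ptr.is_null() {
            return Err(UpdateError::NullWithLength);
        }
        // SAFETY: ptr is non-null, u8 has alignment 1, and the caller
        // guarantees `len` readable bytes.
        let data = unsafe { slice::from_raw_parts(ptr, len) };
        for b in data {
            *state = (*state ^ u64::from(*b)).wrapping_mul(0x100000001b3);
        }
        Ok(())
    }
}

fn main() {
    let mut d = ToyDigest::default();
    d.init();
    d.update_raw(std::ptr::null(), 0).unwrap(); // empty string: skipped
    d.update_raw(b"abc".as_ptr(), 3).unwrap();
    println!("{:x?}", d.state);
}
```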
Comment 3•15 days ago
bugherder
Status: ASSIGNED → RESOLVED
Closed: 15 days ago
status-firefox127: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 127 Branch