invalid read test_bug381412.hk.gb2312.js

RESOLVED FIXED

Status

Core
Internationalization
9 years ago
5 years ago

People

(Reporter: Robert Sayre, Assigned: smontagu)

Tracking

unspecified
x86
Mac OS X
Points:
---
Bug Flags:
in-testsuite +

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(2 attachments, 1 obsolete attachment)

(Reporter)

Description

9 years ago
see attached
(Reporter)

Comment 1

9 years ago
Created attachment 378759 [details]
valgrind log
Assignee: nobody → smontagu
Component: General → Internationalization
QA Contact: general → i18n
(Assignee)

Comment 2

9 years ago
Bug 90411 is closely related to this.
(Assignee)

Comment 3

9 years ago
Created attachment 381280 [details] [diff] [review]
Patch

So bug 90411 and this are two sides of the same coin: the decoder doesn't take into account that a multi-byte sequence can be split across buffer boundaries, so on the one hand it tries to read to the end of the sequence beyond the end of the input, and on the other hand it fails to decode the end of the sequence correctly at the beginning of the next buffer.
Attachment #381280 - Flags: review?
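
The buffer-boundary problem described in comment 3, as an added example that is not part of the bug or of the Mozilla patch: a streaming decoder for a constructed two-byte encoding that carries an unfinished lead byte across calls instead of reading past the end of the chunk. The encoding, the names ChunkDecoder, decodeSplit, splitInvariant and kSample, and the 0xFFFD policy for a dangling lead byte are assumptions made for the illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Toy encoding, constructed for this example (not GB2312 or HZ): a byte with
// the high bit set is a lead byte paired with the next byte; others stand alone.
struct ChunkDecoder {
    bool    havePending = false;  // separate flag: the byte value is never the sentinel
    uint8_t pending = 0;          // lead byte carried over from an earlier chunk
    // Decode one chunk into out. Only src[0..len-1] is ever read.
    void feed(const uint8_t* src, size_t len, std::vector<uint16_t>& out) {
        for (size_t i = 0; i < len; ++i) {
            const uint8_t b = src[i];
            if (havePending) {            // trail byte, possibly of a pair begun last chunk
                out.push_back(static_cast<uint16_t>((pending << 8) | b));
                havePending = false;
            } else if (b & 0x80) {        // lead byte: store it, do not peek at src[i + 1]
                pending = b;
                havePending = true;
            } else {
                out.push_back(b);         // single-byte unit
            }
        }
    }
    // End of stream: a dangling lead byte becomes 0xFFFD (assumed error policy).
    void finish(std::vector<uint16_t>& out) {
        if (havePending) { out.push_back(0xFFFD); havePending = false; }
    }
};

// Decode `in` delivered as two chunks cut at `split` (0 <= split <= in.size()).
std::vector<uint16_t> decodeSplit(const std::vector<uint8_t>& in, size_t split) {
    ChunkDecoder d;
    std::vector<uint16_t> out;
    d.feed(in.data(), split, out);
    d.feed(in.data() + split, in.size() - split, out);
    d.finish(out);
    return out;
}

// Constructed input: 'A', pair B0 A1, pair C4 00, 'Z', then a dangling lead D6.
const std::vector<uint8_t> kSample = {0x41, 0xB0, 0xA1, 0xC4, 0x00, 0x5A, 0xD6};
// True when every cut point gives the same output as a single whole buffer.
bool splitInvariant() {
    const std::vector<uint16_t> whole = decodeSplit(kSample, kSample.size());
    for (size_t s = 0; s <= kSample.size(); ++s)
        if (decodeSplit(kSample, s) != whole) return false;
    return true;
}
int main() { return splitInvariant() ? 0 : 1; }
```

Checking every cut point, including the ones that fall between a lead byte and its trail byte, is the property a regression test for this class of bug needs to cover.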
(Assignee)

Updated

9 years ago
Attachment #381280 - Flags: review? → review?(VYV03354)
Comment on attachment 381280 [details] [diff] [review]
Patch

> +    if (!oddByte) {
> +      if (srcByte & 0x80 || srcByte == HZLEAD1 || mHZState == HZ_STATE_GB) { 
> +        oddByte = srcByte;
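Review bot: The outer test "if (!oddByte)" uses the stored byte's own value as the "nothing pending" marker, while the "mHZState == HZ_STATE_GB" arm of the inner condition stores any byte, 0x00 included, so a stored 0x00 cannot be told apart from no stored byte on the next pass. Either exclude 0x00 from that arm or track the pending state in a separate flag. Parenthesizing "(srcByte & 0x80)" would also make the mixed & and || condition easier to read.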
NUL bytes will be ignored in GB mode. Is it intentional?
(Assignee)

Comment 5

9 years ago
Created attachment 383152 [details] [diff] [review]
patch v.2

Yes, good catch, it wasn't intentional :)
Attachment #381280 - Attachment is obsolete: true
Attachment #383152 - Flags: review?(VYV03354)
Attachment #381280 - Flags: review?(VYV03354)
Attachment #383152 - Flags: review?(VYV03354) → review+
(Assignee)

Comment 6

9 years ago
http://hg.mozilla.org/mozilla-central/rev/92a9095b9b0b
Status: NEW → RESOLVED
Last Resolved: 9 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
(Assignee)

Updated

9 years ago
Blocks: 90411
Group: core-security