Open Bug 558946 Opened 15 years ago Updated 2 years ago

Consider adding a canary to cdata objects to detect overflow

Core :: js-ctypes, enhancement

Reporter: Dolske, Unassigned

Blocks 1 open bug

js-ctypes provides JS coders a variety of footguns, but it might be possible to detect some of these. For example, allocated data (specifically, arrays) could have a canary value at the end, to detect accidental overflow.

e.g.

var foo = ctypes.char.array(10); // 10-byte array
libc.bzero(foo, 20);             // writes 20 bytes: overruns the array by 10

I'm not sure if this would be robust to a clever attacker trying to exploit bad JS code, but it's mainly interesting for helping to catch subtle bugs closer to the source of the problem.
The big question is when to test the canary.

* At every value (or field, or element) access of the CData?
* At every write?
* At finalization?

Testing the canary won't be expensive, so we could do it for all of the above.

Putting a canary at the beginning of the data might be somewhat useful, too. If we're talking a word at the beginning and a word at the end, that's still peanuts compared to the overhead of a JSObject.
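A native-side sketch of the scheme under discussion, added here as an illustration rather than code from js-ctypes or SpiderMonkey: each allocation gets a canary word before and after the data, and the check reports which side was clobbered. The canary constant, the slack area and the helper names are constructed for the demo.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed canary pattern for the demo; a real implementation would pick a
   per-process random value so it cannot be trivially forged. All bytes are
   non-zero, so a bzero-style overwrite of even one byte is detectable. */
#define CANARY 0x5A3C96E1D2B4F708ULL

/* Slack after the tail canary keeps the deliberately oversized demo write
   inside the allocation, so the overflow itself stays well-defined here. */
#define SLACK 64

typedef struct {
    uint8_t *base; /* raw allocation: [head canary][len bytes][tail canary][slack] */
    size_t len;    /* usable bytes the caller asked for */
} guarded_buf;

static guarded_buf guarded_alloc(size_t len) {
    guarded_buf g = { calloc(1, sizeof(uint64_t) + len + sizeof(uint64_t) + SLACK), len };
    if (!g.base) abort();
    uint64_t c = CANARY;
    memcpy(g.base, &c, sizeof c);                          /* head canary before the data */
    memcpy(g.base + sizeof(uint64_t) + len, &c, sizeof c); /* tail canary right after it */
    return g;
}

static uint8_t *guarded_data(guarded_buf g) { return g.base + sizeof(uint64_t); }

/* Bit 0 set: head canary clobbered (underflow); bit 1 set: tail clobbered (overflow). */
static int guarded_check(guarded_buf g) {
    uint64_t head, tail;
    memcpy(&head, g.base, sizeof head);
    memcpy(&tail, g.base + sizeof(uint64_t) + g.len, sizeof tail);
    return (head != CANARY ? 1 : 0) | (tail != CANARY ? 2 : 0);
}

/* Reproduces the ctypes.char.array(10) / bzero(foo, 20) footgun: allocate
   array_len bytes, zero write_len bytes starting at the data, and report what
   a check at the next access (or at finalization) would see. */
static int demo_overflow(size_t array_len, size_t write_len) {
    if (write_len > array_len + sizeof(uint64_t) + SLACK) return -1; /* keep the demo in bounds */
    guarded_buf g = guarded_alloc(array_len);
    memset(guarded_data(g), 0, write_len); /* the buggy write when write_len > array_len */
    int r = guarded_check(g);
    free(g.base);
    return r;
}
```

Checking at every write would catch the bzero above immediately; checking only at finalization still flags the object, but far from the offending call.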
Severity: normal → S3