Open
Bug 558946
Opened 15 years ago
Updated 2 years ago
Consider adding a canary to cdata objects to detect overflow
Categories: Core :: js-ctypes, enhancement
Status: NEW
People: Reporter: Dolske; Assignee: Unassigned
References: Blocks 1 open bug
Description
js-ctypes provides JS coders a variety of footguns, but it might be possible to detect some of these. For example, allocated data (specifically, arrays) could have a canary value at the end, to detect accidental overflow. E.g.

  var foo = ctypes.char.array(10);
  libc.bzero(foo, 20);

I'm not sure if this would be robust to a clever attacker trying to exploit bad JS code, but it's mainly interesting for helping to catch subtle bugs closer to the source of the problem.
Comment 1 • 15 years ago

The big question is when to test the canary.
* At every value (or field, or element) access of the CData?
* At every write?
* At finalization?
Testing the canary won't be expensive, so we could do it for all of the above. Putting a canary at the beginning of the data might be somewhat useful, too. If we're talking a word at the beginning and a word at the end, that's still peanuts compared to the overhead of a JSObject.
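The scheme discussed in the description and in comment 1 (a canary word after the array, optionally one before it, checked on access and at finalization), as an added example in plain C. This is not code from the bug or from js-ctypes; the names guarded_alloc, guarded_check, guarded_free and the demo_* functions are hypothetical, the canary value is a constructed constant, and the SLACK padding exists only so the demo overflow stays inside memory the program owns.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed canary value for the demo; a real implementation would pick a
   per-process random word so an attacker cannot trivially rewrite it. */
#define CANARY 0xDEADC0DEu
/* Extra bytes after the tail canary so that the demo overflow stays inside
   memory this program owns (demo convenience only, not part of the scheme). */
#define SLACK 64

typedef struct {
    uint8_t *raw;   /* whole allocation: [head canary][data...][tail canary][slack] */
    uint8_t *data;  /* the region handed to the caller, like a CData array */
    size_t   len;   /* bytes in the caller-visible region */
} guarded_buf;

/* memcpy is used because the tail canary is not necessarily 4-byte aligned. */
static void put_canary(uint8_t *at) { uint32_t c = CANARY; memcpy(at, &c, sizeof c); }
static int  canary_ok(const uint8_t *at) { uint32_t c; memcpy(&c, at, sizeof c); return c == CANARY; }

/* Allocate len caller-visible bytes with a canary word before and after them. */
static int guarded_alloc(guarded_buf *g, size_t len) {
    g->raw = calloc(1, sizeof(uint32_t) + len + sizeof(uint32_t) + SLACK);
    if (!g->raw) return 0;
    g->len  = len;
    g->data = g->raw + sizeof(uint32_t);
    put_canary(g->raw);            /* head canary, just before the data */
    put_canary(g->data + len);     /* tail canary, just after the data */
    return 1;
}

/* Bitmask of damaged canaries: 0 = intact, 1 = head clobbered, 2 = tail clobbered.
   Cheap enough to call on every access or write, as comment 1 suggests. */
static int guarded_check(const guarded_buf *g) {
    int bad = 0;
    if (!canary_ok(g->raw))            bad |= 1;
    if (!canary_ok(g->data + g->len))  bad |= 2;
    return bad;
}

/* Free the buffer and return the final canary check (the "at finalization" test). */
static int guarded_free(guarded_buf *g) {
    int bad = guarded_check(g);
    free(g->raw);
    g->raw = g->data = NULL;
    g->len = 0;
    return bad;
}

/* In-bounds use: zeroing exactly the array size leaves both canaries intact. */
int demo_in_bounds(void) {
    guarded_buf g;
    if (!guarded_alloc(&g, 10)) return -1;
    memset(g.data, 0, 10);
    return guarded_free(&g);        /* 0 */
}

/* The bug's own example, a 10-byte array zeroed with length 20: the tail canary dies. */
int demo_overflow(void) {
    guarded_buf g;
    if (!guarded_alloc(&g, 10)) return -1;
    memset(g.data, 0, 20);          /* overruns the 10-byte region into the tail canary */
    return guarded_free(&g);        /* 2 */
}

/* Underflow, one byte before the array: caught by the head canary. */
int demo_underflow(void) {
    guarded_buf g;
    if (!guarded_alloc(&g, 10)) return -1;
    g.data[-1] = 0;                 /* writes into the head canary */
    return guarded_free(&g);        /* 1 */
}

int main(void) {
    printf("in bounds: %d, overflow: %d, underflow: %d\n",
           demo_in_bounds(), demo_overflow(), demo_underflow());
    return 0;
}
```

The check only reports that a canary was damaged, not when; to get the "closer to the source" diagnosis the reporter wants, guarded_check would be called on each CData read and write so the first access after the corruption fails rather than the finalizer much later.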
Updated • 2 years ago
Severity: normal → S3