Yeah, we don't need to leave this private, it's at most a DoS (unexploitable crash).
Assignee: nobody → general
Status: UNCONFIRMED → NEW
blocking2.0: --- → betaN+
Ever confirmed: true
QA Contact: general → general
Whiteboard: [sg:dos] null deref
I can only find Deserialize() in shell/js.cpp - was your crash in the browser or shell? If this is shell only it should unblock.
Sorry, I was not aware that deserialize() is indeed only a shell function. Yes, this was observed in the shell, but I thought the interface was accessible in the browser as well.
blocking2.0: betaN+ → -
Another cosmetic problem of the same category (will assert only): deserialize(new Uint8ClampedArray(1));
The bug from comment 0 is a silly rookie mistake on my part. Definitely shell only. Trivial to fix.
Assignee: general → jorendorff
Attachment #495631 - Flags: review?(jwalden+bmo)
Attachment #495631 - Flags: review?(jwalden+bmo) → review+
Whiteboard: [sg:dos] null deref → [fixed-in-tracemonkey][sg:dos] null deref
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED