Bug 673808: _CACHE_MAP_ is storing nsDiskCacheRecord structs with uninitialized data containing bits of Fx memory
Status: RESOLVED FIXED (Target Milestone: mozilla8)
Opened 13 years ago, closed 13 years ago
Categories: Core :: Networking: Cache, defect
People: Reporter: al_9x, Unassigned
Whiteboard: [sg:low local]
Attachments (1 file): patch, 1.81 KB, bzbarsky: review+
You should be able to find clusters of contiguous nsDiskCacheRecord structs whose mHashNumber is 0 and the other 12 bytes appear to be effectively a Fx memory dump of readable profile data (I've seen bookmarks JSON, JavaScript). Even though the data is full of 4-byte holes (mHashNumber), because the records are contiguous, the data is more or less readable. Fx should not be inadvertently storing potentially sensitive profile data in a totally unexpected location.
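The condition this report describes, as an added example that is not part of the original report, the attached patch, or Mozilla's code: a record array is grown, the new slots are marked empty by zeroing only the hash number, and an audit function counts empty slots that still carry non-zero bytes. The `Record` layout (4-byte hash plus 12 other bytes, per the sizes in the report), the growth routine, the `0xAB` fill standing in for recycled heap memory, and all function names are assumptions.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Assumed layout: 4-byte hash number (0 = empty slot) + 12 other bytes. */
typedef struct { uint32_t hash; uint32_t other[3]; } Record;

/* Grow every bucket from old_per to new_per slots. The 0xAB fill is a
   constructed stand-in for whatever recycled heap memory malloc returns. */
static Record *grow(const Record *old, size_t buckets, size_t old_per,
                    size_t new_per, int zero_whole_record)
{
    Record *fresh = malloc(buckets * new_per * sizeof(Record));
    if (!fresh) return NULL;
    memset(fresh, 0xAB, buckets * new_per * sizeof(Record));
    for (size_t b = 0; b < buckets; b++) {
        Record *dst = fresh + b * new_per;
        memcpy(dst, old + b * old_per, old_per * sizeof(Record));
        for (size_t i = old_per; i < new_per; i++)
            if (zero_whole_record)
                memset(&dst[i], 0, sizeof(Record)); /* nothing stale left */
            else
                dst[i].hash = 0; /* marked empty, 12 stale bytes remain */
    }
    return fresh;
}

/* Audit: count slots marked empty that still carry non-zero bytes. */
static size_t dirty_empty_slots(const Record *r, size_t n)
{
    size_t dirty = 0;
    for (size_t i = 0; i < n; i++)
        if (r[i].hash == 0 && (r[i].other[0] | r[i].other[1] | r[i].other[2]))
            dirty++;
    return dirty;
}

/* Two full buckets of two live records, grown to four slots per bucket. */
size_t demo(int zero_whole_record)
{
    Record old[4];
    for (uint32_t i = 0; i < 4; i++)
        old[i] = (Record){ i + 1, { 7, 7, 7 } };
    Record *grown = grow(old, 2, 2, 4, zero_whole_record);
    if (!grown) return (size_t)-1;
    size_t dirty = dirty_empty_slots(grown, 2 * 4);
    free(grown);
    return dirty;
}

int main(void) { return (demo(0) == 4 && demo(1) == 0) ? 0 : 1; }
```

Writing the array to disk after the hash-only variant persists the stale bytes of all four new slots; zeroing the whole record leaves none for the audit to find.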
Updated•13 years ago
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment 1•13 years ago
Attachment #548407 -
Flags: review?(bzbarsky)
Comment 2•13 years ago
Comment on attachment 548407: clear new uninitialized memory
r=me
Attachment #548407 -
Flags: review?(bzbarsky) → review+
Comment 3•13 years ago
Tryserver is green except for a few intermittent failures. http://hg.mozilla.org/mozilla-central/rev/dd7d71277a15
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Updated•13 years ago
Whiteboard: [sg:low local]
Comment 4•13 years ago
Please set the target milestone when checking things in....
Target Milestone: --- → mozilla8
Comment 5•13 years ago
Comment on attachment 548407 [details] [diff] [review] clear new uninitialized memory >- // Clear the new empty entries >- for (PRUint32 i = count; i < newRecordsPerBucket; ++i) >- newRecords[i].SetHashNumber(0); I think this block is still necessary when newArray + bucketIndex * newRecordsPerBucket + i < mHeader.mRecordCount since these are old entries that are no longer used and may otherwise be confused with live entries.
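Review bot: the removed loop over i = count .. newRecordsPerBucket is the only visible code that sets the hash number of the unused slots to 0, and the bug description treats mHashNumber 0 as the marker for such slots, so its replacement needs to cover the same range. Suggest clearing the whole 16-byte record (the hash number and the other 12 bytes) for every slot from count up to newRecordsPerBucket, not only the slots that are newly allocated, so each unused slot is both marked empty and free of leftover memory. A short comment stating which slot range is cleared and why would make that intent reviewable.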