Closed
Bug 710989
Opened 14 years ago
Closed 12 years ago
Possible memset underflow in Time::Explode()
Categories
(Core :: IPC, defect)
Core
IPC
Tracking
()
RESOLVED
FIXED
mozilla21
People
(Reporter: Dolske, Assigned: charles.wh.chan)
References
Details
(Whiteboard: [pvs-studio][good first bug][lang=c++])
Attachments
(1 file)
|
1.00 KB,
patch
|
cjones
:
review+
|
Details | Diff | Splinter Review |
From http://www.viva64.com/en/a/0078/,
6th section in http://www.viva64.com/external-pictures/txt/mozilla-test.txt
V512 A call of the 'memset' function will lead to underflow of the buffer '(exploded)'.
time_win.cc 198
void Time::Explode(bool is_local, Exploded* exploded) const {
...
ZeroMemory(exploded, sizeof(exploded));
...
}
I think there could be written like this.
ZeroMemory(exploded, sizeof(*exploded));
|
||
Updated•14 years ago
|
Whiteboard: [pvs-studio] → [pvs-studio][good first bug][lang=c++]
I don't think we use Time for anything in gecko, but this is probably fixed upstream in chromium. If not we should file there too.
|
Assignee | |
Comment 2•13 years ago
|
||
(In reply to Chris Jones [:cjones] [:warhammer] from comment #1)
> I don't think we use Time for anything in gecko, but this is probably fixed
> upstream in chromium. If not we should file there too.
Yes. It appears the issue has already been resolved in Chromium. See ~Line 255
http://src.chromium.org/viewvc/chrome/trunk/src/base/time_win.cc?view=annotate
|
|
Assignee | |
Comment 3•13 years ago
|
||
Just out of curiosity, why is there a copy of the Chromium src within the Mozilla source code?
|
|
Assignee | |
Comment 4•13 years ago
|
||
Fix the ZeroMemory() issue in the Mozilla src tree, please review.
Attachment #608963 -
Flags: review?(dolske)
|
Reporter | |
Comment 5•13 years ago
|
||
Comment on attachment 608963 [details] [diff] [review]
Bug 710989: Patch-1
This is in Chris's area, so moving review.
Thanks for the patch!
Attachment #608963 -
Flags: review?(dolske) → review?(jones.chris.g)
|
|
||
Comment 6•13 years ago
|
||
(In reply to Charles Chan from comment #3)
> Just out of curiosity, why is there a copy of the Chromium src within the
> Mozilla source code?
Gecko uses Chromium's inter-process communication library. Here is a link to a list of third-party code located in the tree: https://wiki.mozilla.org/ThirdPartyCode
Comment on attachment 608963 [details] [diff] [review]
Bug 710989: Patch-1
Sorry for the review latency.
Attachment #608963 -
Flags: review?(jones.chris.g) → review+
|
||
Comment 8•12 years ago
|
||
Oops. I'll see if this is still valid on trunk.
Assignee: nobody → charles.wh.chan
|
|
||
Comment 9•12 years ago
|
||
|
||
Comment 10•12 years ago
|
||
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla21
You need to log in
before you can comment on or make changes to this bug.
Description
•