Closed
Bug 823369
Opened 13 years ago
Closed 13 years ago
mozilla::widget::EventFlags assumes its size is less than uint32_t
Categories
(Core :: Widget, defect)
Core
Widget
Tracking
()
RESOLVED
FIXED
mozilla20
People
(Reporter: bent.mozilla, Assigned: masayuki)
References
Details
Attachments
(1 file, 2 obsolete files)
|
1.00 KB,
patch
|
smaug
:
review+
|
Details | Diff | Splinter Review |
This code will corrupt the stack if the size of the EventFlags struct ever grows beyond a uint32_t.
571 inline uint32_t GetRawFlags() const
572 {
573 uint32_t result = 0;
574 memcpy(&result, this, sizeof(EventFlags));
575 return result;
576 }
|
||
Comment 1•13 years ago
|
||
MOZ_STATIC_ASSERT(sizeof(mozilla::widget::EventFlags) <= sizeof(uint32_t)); would be enough at the moment.
Blocks: 813445
|
Assignee | |
Comment 2•13 years ago
|
||
with this patch:
https://tbpl.mozilla.org/?tree=Try&usebuildbot=1&rev=371f294f50f3
should fail:
https://tbpl.mozilla.org/?tree=Try&usebuildbot=1&rev=d0d851c0ce93
Assignee: nobody → masayuki
Status: NEW → ASSIGNED
|
|
Assignee | |
Comment 3•13 years ago
|
||
https://tbpl.mozilla.org/?tree=Try&usebuildbot=1&rev=381039d39f40
https://tbpl.mozilla.org/?tree=Try&usebuildbot=1&rev=57bde456e824
Attachment #694769 -
Attachment is obsolete: true
|
|
Assignee | |
Updated•13 years ago
|
Attachment #694799 -
Flags: review?(bugs)
|
||
Comment 5•13 years ago
|
||
Comment on attachment 694799 [details] [diff] [review]
Patch
"mozilla::widget::EventFlags must not be bigger than the RawFlags"
that should take care of the = part of the comparison.
Attachment #694799 -
Flags: review?(bugs) → review+
|
|
Assignee | |
Comment 6•13 years ago
|
||
|
||
Comment 7•13 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla20
You need to log in
before you can comment on or make changes to this bug.
Description
•