Open Bug 903638 Opened 12 years ago Updated 3 years ago

Audit new[] usage

Categories

(Core :: General, defect)

Product:

Component:

Type:

defect

Priority:

Not set

Severity:

S3

Tracking

()

Status:

NEW

People

(Reporter: khuey, Unassigned)

References

Details

Kyle Huey (Exited; not receiving bugmail, old account, do not use)

Reporter

Description

•

12 years ago

new[] is infallible, and we appear to have a number of sites where the length of the allocation is directly controlled by untrusted content. http://mxr.mozilla.org/mozilla-central/search?string=nsAutoArrayPtr&find=&findi=&filter=^[^\0]*%24&hitlimit=&tree=mozilla-central is probably a good starting point.

Updated

•

3 years ago

Severity: normal → S3

You need to log in before you can comment on or make changes to this bug.