The following testcase crashes on mozilla-central revision 6687d299c464 (run with --fuzzing-safe): gcparam('markStackLimit', .4 );
This causes various crashes and assertions, but I assume it's shell-only. However, because of the crash types, this should be considered a fuzzblocker (they easily look like sec-high/sec-critical issues).
Created attachment 8376720 [details] [diff] [review] gcparam.patch So the problem is simple. Although the error message in GCParameter seems to indicate that we check for a non-zero value, we don't. The conversion silently converts any non-integers to 0 and we get a crash.
Assignee: nobody → choller
Status: NEW → ASSIGNED
Attachment #8376720 - Flags: review?(evilpies)
Attachment #8376720 - Flags: review?(evilpies) → review+
Status: ASSIGNED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla30
You need to log in before you can comment on or make changes to this bug.