Bug 1452602
Opened 7 years ago
Closed 7 years ago
Mark some shell functions as fuzzing-safe
Categories: Core :: JavaScript Engine, enhancement, P3
Tracking: RESOLVED FIXED (target milestone mozilla61)
Tracking | Status
---|---
firefox61 | fixed
People: Reporter jandem, Assignee jandem
Attachments (1 file): patch (deleted); flags: jonco: review+, gkw: feedback+
No description provided.
Comment 1•7 years ago (Assignee)
Maybe we can do some fuzzing first in case this uncovers serious bugs.
Attachment #8966178 - Flags: feedback?(nth10sd), feedback?(choller)
Comment 2•7 years ago (Gary Kwong [:gkw] [:nth10sd])
Comment on attachment 8966178 [details] [diff] [review]
Patch
This didn't immediately blow up jsfunfuzz et al, but I guess the following functions have to be added to it?
grayRoot()
addMarkObservers(array_of_objects)
clearMarkObservers()
getMarks()
Flags: needinfo?(jdemooij)
Attachment #8966178 - Flags: feedback?(nth10sd) → feedback+
Comment 3•7 years ago (Assignee)
(In reply to Gary Kwong [:gkw] [:nth10sd] from comment #2)
> This didn't immediately blow up jsfunfuzz et al
Thanks for testing!
> but I guess the following functions have to be added to it?
Yeah, also dumpScopeChain(obj) - although that one probably isn't too important.
Flags: needinfo?(jdemooij)
Updated•7 years ago
Priority: -- → P3
Updated•7 years ago (Assignee)
Attachment #8966178 - Flags: review?(jcoppeard)
Comment 4•7 years ago (Jon Coppeard [:jonco])
Comment on attachment 8966178 [details] [diff] [review]
Patch
Review of attachment 8966178 [details] [diff] [review]:
-----------------------------------------------------------------
::: js/src/shell/js.cpp
@@ +6150,5 @@
> + auto* observers =
> + cx->new_<MarkBitObservers>(cx->runtime(), NonshrinkingGCObjectVector());
> + if (!observers)
> + return nullptr;
> + sc->markObservers.reset(observers);
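Review bot: Checking the `cx->new_<MarkBitObservers>` result before calling `sc->markObservers.reset(observers)` differs from assigning the result straight into the UniquePtr and testing it afterwards in one way: on allocation failure the existing observer list, if one is already installed, is left intact instead of being replaced by nullptr. That is the safer behaviour, but the bare `return nullptr` is only correct if `cx->new_` reports the out-of-memory condition itself; otherwise the caller is handed a null result with no pending exception. A one-line comment on the early return saying that OOM has already been reported would make the intent clear to the next reader.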
Is this change necessary?
Attachment #8966178 - Flags: review?(jcoppeard) → review+
Comment 5•7 years ago (Assignee)
Comment on attachment 8966178 [details] [diff] [review]
Patch
decoder said he likely tested this and suggested landing.
Attachment #8966178 - Flags: feedback?(choller)
Comment 6•7 years ago (Assignee)
https://hg.mozilla.org/integration/mozilla-inbound/rev/cf2687e4e96eaff899122f321ef3391ba5a5a260
(In reply to Jon Coppeard (:jonco) from comment #4)
> Is this change necessary?
Hm you're right, maybe not strictly necessary, but I like immediately returning on OOM.
Group: javascript-core-security
Keywords: sec-other
Comment 7•7 years ago (bugherder)
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
status-firefox61:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla61