Closed Bug 987933 Opened 11 years ago Closed 10 years ago

OOM: inlineScriptedCall() forgets to check TypeSet::clone() return

Tracking

()

Status:

RESOLVED WORKSFORME

People

(Reporter: sstangl, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: sec-other)

Attachments

(1 file)

patch 11 years ago Sean Stangl [:sstangl] (deleted), patch		Details \| Diff \| Splinter Review

Sean Stangl [:sstangl]

Reporter

Description

•

11 years ago

Simple thinko. Testcase from decoder (js__jit__MTypeBarrier__MTypeBarrier.txt). Probably not exploitable.

Andrew McCreight [:mccr8]

Comment 1

•

11 years ago

Setting to sec-other per comment 0. Feel free to adjust.

Keywords: sec-other

Sean Stangl [:sstangl]

Reporter

Comment 2

•

10 years ago

Comment on attachment 8396640 [details] [diff] [review] patch Apparently I requested review from myself on this patch? It's been fixed in the meantime.

Attachment #8396640 - Flags: review?

Sean Stangl [:sstangl]

Reporter

Updated

•

10 years ago

Status: NEW → RESOLVED

Closed: 10 years ago

Resolution: --- → WORKSFORME

BMO Automation

Updated

•

9 years ago

Group: core-security → core-security-release

Daniel Veditz [:dveditz]

Updated

•

7 years ago

Group: core-security-release

You need to log in before you can comment on or make changes to this bug.

Bugzilla

OOM: inlineScriptedCall() forgets to check TypeSet::clone() return

Categories

(Core :: JavaScript Engine, defect)

Tracking

()

People

(Reporter: sstangl, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: sec-other)

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Comment 1

Comment 2

Updated

Updated

Updated

Attachment

General

Description

File Name

Content Type