Security/Reviews/Firefox4/ByteArray Security Review: Difference between revisions
Latest revision as of 00:45, 2 March 2011
Bytearray
You get access to a predefined array that maps pretty literally to a chunk of memory. Scripts can't access pointers or other underlying mechanisms (in theory).
Maybe you could inject values into the bytearray that would be interpreted as a NaN (inside of a GPU especially); this would probably cause major slowness/DoS at worst.
Related security bug: 555721
Contains only scalar types
Always contiguous
Zeroed out at allocation time
Size limit = number of bytes = 2^31
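
The NaN concern and the zeroed-at-allocation property above can be checked from script. The following is an added example, not code from the review or from Firefox: the function names and the sample bit patterns are constructed for illustration. It goes slightly beyond the note by also counting infinities and subnormals, which are the other float32 encodings a consumer of raw bytes may want to screen for.

```javascript
// Added example: the helper names are hypothetical, not a Firefox API.
// A fresh ArrayBuffer must contain only zero bytes (no stale heap data).
function isZeroed(buffer) {
  return new Uint8Array(buffer).every((b) => b === 0);
}

// Classify each 32-bit word by its IEEE 754 single-precision encoding,
// without trusting how the bytes got there (any integer view can write them).
function classifyFloat32(buffer) {
  const words = new Uint32Array(buffer, 0, buffer.byteLength >>> 2);
  const counts = { nan: 0, infinite: 0, subnormal: 0, finite: 0 };
  for (const w of words) {
    const exponent = (w >>> 23) & 0xff;
    const mantissa = w & 0x7fffff;
    if (exponent === 0xff) {
      if (mantissa !== 0) counts.nan++;
      else counts.infinite++;
    } else if (exponent === 0 && mantissa !== 0) {
      counts.subnormal++;
    } else {
      counts.finite++; // includes +0 and -0
    }
  }
  return counts;
}

// Mitigation sketch: replace NaN and infinities with 0 before the data is
// handed to a consumer (for example a GPU upload). Returns how many changed.
function scrubNonFinite(buffer) {
  const floats = new Float32Array(buffer, 0, buffer.byteLength >>> 2);
  let replaced = 0;
  for (let i = 0; i < floats.length; i++) {
    if (!Number.isFinite(floats[i])) {
      floats[i] = 0;
      replaced++;
    }
  }
  return replaced;
}

// Constructed sample: integers written through one view, read as floats later.
function buildSample() {
  const buffer = new ArrayBuffer(16);
  new Uint32Array(buffer).set([0x7fc00001, 0x7f800000, 0x00000001, 0x3f800000]);
  return buffer; // NaN with payload, +Infinity, smallest subnormal, 1.0
}

console.log(isZeroed(new ArrayBuffer(64)), classifyFloat32(buildSample()));
```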