Security/Reviews/Firefox4/ByteArray Security Review

From MozillaWiki
< Security‎ | Reviews‎ | Firefox4
Revision as of 00:44, 2 March 2011 by Ladamski (talk | contribs) (Created page with "Bytearray You get access to a predefined array that maps pretty literally to a chunk of memory. Can't access pointers or other underlying mechanisms (in theory). Maybe you could...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Bytearray You get access to a predefined array that maps pretty literally to a chunk of memory. Can't access pointers or other underlying mechanisms (in theory). Maybe you could inject values into the bytearray that would be a NaN (inside of a GPU especially).. this would probably cause major slowness/DoS at worst. Related security bug: 555721 Contains only scalar types Always contiguous Zeroed out at allocation time Size limit = number of bytes = 2^31