Security/Reviews/Firefox4/ByteArray Security Review
Jump to navigation
Jump to search
Bytearray You get access to a predefined array that maps pretty literally to a chunk of memory. Can't access pointers or other underlying mechanisms (in theory). Maybe you could inject values into the bytearray that would be a NaN (inside of a GPU especially).. this would probably cause major slowness/DoS at worst. Related security bug: 555721 Contains only scalar types Always contiguous Zeroed out at allocation time Size limit = number of bytes = 2^31