Security/Reviews/Firefox4/ByteArray Security Review

From MozillaWiki
Revision as of 00:45, 2 March 2011 by Ladamski (talk | contribs)

Bytearray

You get access to a predefined array that maps fairly literally to a chunk of memory. Script can't access pointers or other underlying mechanisms (in theory).

Maybe you could inject values into the bytearray that would be interpreted as a NaN (inside of a GPU especially); this would probably cause major slowness/DoS at worst.

Related security bug: 555721

Contains only scalar types

Always contiguous

Zeroed out at allocation time

Size limit = number of bytes = 2^31
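
The NaN concern and the zeroed-at-allocation property noted above, as an added example (not part of the review or of Mozilla's code): assuming the byte array behaves like a standard JavaScript ArrayBuffer with typed-array views, a consumer can scan the raw 32-bit patterns and neutralise NaNs before the data is treated as floats. The function names and the sample buffer are constructed for illustration.

```javascript
// Added example; assumes standard ArrayBuffer / typed-array semantics.

// Classify one 32-bit pattern as an IEEE-754 single. An exponent field of
// all ones means Infinity (mantissa zero) or NaN (mantissa non-zero).
function classifyFloat32Bits(bits) {
  const exponent = (bits >>> 23) & 0xff;
  const mantissa = bits & 0x7fffff;
  if (exponent !== 0xff) return "finite";
  return mantissa === 0 ? "infinity" : "nan";
}

// Scan a buffer that will be consumed as float32 data and overwrite every
// NaN bit pattern with 0.0. Only integer views are used, so NaN payloads
// are never loaded as floats. Returns the element indices that were rewritten.
function scrubNaNs(buffer) {
  if (buffer.byteLength % 4 !== 0) {
    throw new RangeError("buffer length is not a multiple of 4 bytes");
  }
  const words = new Uint32Array(buffer);
  const rewritten = [];
  for (let i = 0; i < words.length; i++) {
    if (classifyFloat32Bits(words[i]) === "nan") {
      words[i] = 0;
      rewritten.push(i);
    }
  }
  return rewritten;
}

// Constructed sample: a 16-byte buffer filled through an integer view,
// then reinterpreted as floats through a second view on the same memory.
function demo() {
  const buffer = new ArrayBuffer(16);
  const zeroedAtAllocation = new Uint8Array(buffer).every((b) => b === 0);
  const words = new Uint32Array(buffer);
  words[1] = 0x7fc00001; // quiet NaN carrying a payload
  words[2] = 0x3f800000; // 1.0
  words[3] = 0x7f800000; // +Infinity (left alone by the scrubber)
  const floats = new Float32Array(buffer);
  const nanBefore = Number.isNaN(floats[1]);
  const rewritten = scrubNaNs(buffer);
  return { zeroedAtAllocation, nanBefore, rewritten, after: Array.from(floats) };
}
```
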