Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 437626 Details for
Bug 586002
www-client/firefox with musl: stack overflow in brotli WriteRingBuffer
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch from upstream
firefox-47.0-fix-crash-in-brotli-WriteRingBuffer.patch (text/plain), 2.95 KB, created by
tt_1
on 2016-06-15 09:14:05 UTC
(
hide
)
Description:
patch from upstream
Filename:
MIME Type:
Creator:
tt_1
Created:
2016-06-15 09:14:05 UTC
Size:
2.95 KB
patch
obsolete
># HG changeset patch ># User Natanael Copa <ncopa@alpinelinux.org> ># Date 1464530364 -7200 ># Node ID 5bc75c0144b55d799e80ea23a2e3244870d2f834 ># Parent 1f056b981b1f7e6e449cf1e67ee55481e569cdc7 >Bug 1274732 - Avoid allocate 128k buffer on stack r=mcmanus > >Move the 128k buffer for brotli decompression to the heap instead of stack. >This fixes crash with musl libc which provides 80k stack by default. > >MozReview-Commit-ID: 9cDlFO5eoi1 > >diff --git a/netwerk/streamconv/converters/nsHTTPCompressConv.cpp b/netwerk/streamconv/converters/nsHTTPCompressConv.cpp >--- a/netwerk/streamconv/converters/nsHTTPCompressConv.cpp >+++ b/netwerk/streamconv/converters/nsHTTPCompressConv.cpp >@@ -160,31 +160,36 @@ nsHTTPCompressConv::OnStopRequest(nsIReq > NS_METHOD > nsHTTPCompressConv::BrotliHandler(nsIInputStream *stream, void *closure, const char *dataIn, > uint32_t, uint32_t aAvail, uint32_t *countRead) > { > MOZ_ASSERT(stream); > nsHTTPCompressConv *self = static_cast<nsHTTPCompressConv *>(closure); > *countRead = 0; > >- const uint32_t kOutSize = 128 * 1024; // just a chunk size, we call in a loop >- unsigned char outBuffer[kOutSize]; >- unsigned char *outPtr; >+ const size_t kOutSize = 128 * 1024; // just a chunk size, we call in a loop >+ uint8_t *outPtr; > size_t outSize; > size_t avail = aAvail; > BrotliResult res; > > if (!self->mBrotli) { > *countRead = aAvail; > return NS_OK; > } > >+ auto outBuffer = MakeUniqueFallible<uint8_t[]>(kOutSize); >+ if (outBuffer == nullptr) { >+ self->mBrotli->mStatus = NS_ERROR_OUT_OF_MEMORY; >+ return self->mBrotli->mStatus; >+ } >+ > do { > outSize = kOutSize; >- outPtr = outBuffer; >+ outPtr = outBuffer.get(); > > // brotli api is documented in brotli/dec/decode.h and brotli/dec/decode.c > LOG(("nsHttpCompresssConv %p brotlihandler decompress %d\n", self, avail)); > res = ::BrotliDecompressStream( > &avail, reinterpret_cast<const unsigned char **>(&dataIn), > &outSize, &outPtr, &self->mBrotli->mTotalOut, &self->mBrotli->mState); > outSize = kOutSize - outSize; > LOG(("nsHttpCompresssConv %p brotlihandler decompress rv=%x out=%d\n", >@@ -205,17 +210,17 @@ nsHTTPCompressConv::BrotliHandler(nsIInp > self->mBrotli->mStatus = NS_ERROR_UNEXPECTED; > return self->mBrotli->mStatus; > } > } > if (outSize > 0) { > nsresult rv = self->do_OnDataAvailable(self->mBrotli->mRequest, > self->mBrotli->mContext, > self->mBrotli->mSourceOffset, >- reinterpret_cast<const char *>(outBuffer), >+ reinterpret_cast<const char *>(outBuffer.get()), > outSize); > LOG(("nsHttpCompressConv %p BrotliHandler ODA rv=%x", self, rv)); > if (NS_FAILED(rv)) { > self->mBrotli->mStatus = rv; > return self->mBrotli->mStatus; > } > } >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 586002
: 437626