Confirmed users
729
edits
Platform/2010-11-30: Difference between revisions
Add roundtable item "Infallible malloc"
(Copy template for 2010-11-30 meeting) |
(Add roundtable item "Infallible malloc") |
||
| Line 20: | Line 20: | ||
= Roundtable = | = Roundtable = | ||
* Infallible malloc <small>(added to agenda by Jesse)</small> | |||
** The problem, which has only recently come to light: | |||
*** We haven't actually made <code>malloc</code> infallible yet. We already made <code>new</code> infallible for Firefox 4, but many data structures (including arrays and strings) can still misbehave on OOM because [https://bugzilla.mozilla.org/show_bug.cgi?id=611123 <code>malloc</code> can still return NULL]. | |||
*** Many exploitable OOM bugs are in system libraries rather than Firefox itself. Replacing <code>malloc</code> may be the <em>only</em> way for us to work around all of these bugs. | |||
*** Security researchers have been reporting many OOM bugs lately. | |||
**** We often can't reproduce what they see because we OOM slightly earlier or later. | |||
**** This is a recipe for embarrassment when "old" testcases find "new" bugs, as Alex Miller [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=504342,583077,606714 discovered]. | |||
**** [https://bugzilla.mozilla.org/buglist.cgi?quicksearch=whiteboard%3A%22%5Bsg%3Acritical%22+whiteboard%3Aoom 3 open sg:critical bugs that we can't do anything about] | |||
** The plan of record: | |||
*** [https://bugzilla.mozilla.org/show_bug.cgi?id=610823 Fix <code>nsTArray</code>] | |||
** Proposal: | |||
*** [https://bugzilla.mozilla.org/show_bug.cgi?id=611123 Make <code>malloc</code> infallible] | |||
*** Fix too-large-allocation crashes (distinct from OOM), which will be obvious in crash-stats. | |||
**** Will require exposing a fallible malloc somehow | |||
**** May require adding methods or variants to string classes, for example. | |||