Security/Reviews/Firefox4/ByteArray Security Review

From MozillaWiki

Bytearray

You get access to a predefined array that maps pretty literally to a chunk of memory. Script can't access pointers or other underlying mechanisms (in theory).

Maybe you could inject values into the bytearray that would be a NaN (inside of a GPU especially). This would probably cause major slowness/DoS at worst.

Related security bug: 555721

Contains only scalar types

Always contiguous

Zeroed out at allocation time

Size limit = number of bytes = 2^31
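
As an added example (not part of the original review, and not Mozilla code), the NaN concern above can be checked before script-supplied bytes reach a GPU path by classifying each 32-bit slot from its raw IEEE 754 bits. It assumes the bytearray is exposed to script as an `ArrayBuffer`; the function names are hypothetical, and counting infinities and subnormals generalizes beyond the NaN case the review names.

```javascript
// Added example. Assumption: the "bytearray" is an ArrayBuffer read through
// DataView; floats are little-endian 32-bit IEEE 754 values.

// Classify every complete 32-bit slot in the buffer by its raw bit pattern.
function classifyFloat32Slots(buffer) {
  const view = new DataView(buffer);
  const total = Math.floor(buffer.byteLength / 4); // ignore a trailing partial slot
  const report = { total, nan: 0, infinite: 0, subnormal: 0, firstBad: -1 };
  for (let i = 0; i < total; i++) {
    const bits = view.getUint32(i * 4, true);
    const exponent = (bits >>> 23) & 0xff;
    const mantissa = bits & 0x7fffff;
    let bad = true;
    if (exponent === 0xff && mantissa !== 0) report.nan++;        // any NaN payload
    else if (exponent === 0xff) report.infinite++;                // +/- Infinity
    else if (exponent === 0 && mantissa !== 0) report.subnormal++;
    else bad = false;                                             // zero or normal
    if (bad && report.firstBad < 0) report.firstBad = i;
  }
  return report;
}

// Gate to apply before handing script-controlled bytes to a float consumer.
function isSafeForGpuUpload(buffer) {
  const r = classifyFloat32Slots(buffer);
  return r.nan === 0 && r.infinite === 0 && r.subnormal === 0;
}

// Constructed sample input: four float slots written as raw bytes.
function buildSample() {
  const buf = new ArrayBuffer(16);        // zeroed at allocation time
  const view = new DataView(buf);
  view.setFloat32(0, 1.5, true);          // ordinary value
  view.setUint32(4, 0x7fc00000, true);    // quiet NaN bit pattern
  view.setUint32(8, 0x00000001, true);    // smallest subnormal
  view.setUint32(12, 0x7f800000, true);   // +Infinity
  return buf;
}

console.log(classifyFloat32Slots(buildSample()));
console.log(isSafeForGpuUpload(new ArrayBuffer(64)));
```

A freshly allocated buffer passes the gate because every slot is zero, which matches the zeroed-at-allocation property listed above.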