Closed Bug 1235041 Opened 9 years ago Closed 9 years ago

[Static Analysis][Unintentional integer overflow] In functions GCSchedulingTunables::setParameter and GCRuntime::setParameter from jsgc.cpp

Categories

(Core :: JavaScript Engine, defect)

defect
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla46
Tracking Status
firefox46 --- fixed

People

(Reporter: andi, Assigned: andi)

References

(Blocks 1 open bug)

Details

(Keywords: coverity, Whiteboard: CID 1345642 )

Attachments

(1 file)

The Static Analysis tool Coverity added that there could be unintentional integer overflow in:

>> break;
>> case JSGC_DECOMMIT_THRESHOLD:
>>     decommitThreshold = value * 1024 * 1024;
>>     break;

and

>> case JSGC_HIGH_FREQUENCY_LOW_LIMIT:
>>     highFrequencyLowLimitBytes_ = value * 1024 * 1024;
>>     if (highFrequencyLowLimitBytes_ >= highFrequencyHighLimitBytes_)
>>         highFrequencyHighLimitBytes_ = highFrequencyLowLimitBytes_ + 1;
>>     MOZ_ASSERT(highFrequencyHighLimitBytes_ > highFrequencyLowLimitBytes_);
>>     break;
>> case JSGC_HIGH_FREQUENCY_HIGH_LIMIT:
>>     MOZ_ASSERT(value > 0);
>>     highFrequencyHighLimitBytes_ = value * 1024 * 1024;

This can happen when value >= 2^12 since the result, for this we should cast value to uint64_t
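Added example, not part of the bug report or the attached patch: a stand-alone C++ sketch of the flagged pattern next to the widened form, showing how the 32-bit wrap also defeats the low/high limit adjustment quoted above. The struct, the function names, the 32-bit type of `value` and the 64-bit field types are assumptions made for illustration.

```cpp
#include <cstdint>
#include <cstdio>

// Stand-ins for the two limits in the report; uint64_t fields are an assumption.
struct Limits {
    uint64_t lowBytes;
    uint64_t highBytes;
};

// Flagged pattern: the product is computed in 32 bits and only then widened,
// so it wraps modulo 2^32 once value >= 2^12 (4096 MB).
uint64_t mbToBytesNarrow(uint32_t value) {
    return value * 1024 * 1024;
}

// Form suggested in the report: widen first so the multiply happens in 64 bits.
uint64_t mbToBytesWide(uint32_t value) {
    return uint64_t(value) * 1024 * 1024;
}

// Same adjustment as the JSGC_HIGH_FREQUENCY_LOW_LIMIT case: keep high > low.
Limits setLowLimit(Limits l, uint32_t valueMB, uint64_t (*toBytes)(uint32_t)) {
    l.lowBytes = toBytes(valueMB);
    if (l.lowBytes >= l.highBytes)
        l.highBytes = l.lowBytes + 1;
    return l;
}

int main() {
    // Constructed starting state: low = 100 MB, high = 500 MB.
    const Limits start = {100ull << 20, 500ull << 20};
    const uint32_t samples[] = {4095, 4096, 5000};  // constructed inputs, in MB
    for (uint32_t v : samples) {
        Limits n = setLowLimit(start, v, mbToBytesNarrow);
        Limits w = setLowLimit(start, v, mbToBytesWide);
        std::printf("value=%u MB\n", (unsigned)v);
        std::printf("  narrow: low=%llu high=%llu\n",
                    (unsigned long long)n.lowBytes,
                    (unsigned long long)n.highBytes);
        std::printf("  wide:   low=%llu high=%llu\n",
                    (unsigned long long)w.lowBytes,
                    (unsigned long long)w.highBytes);
    }
    return 0;
}
```

With the narrow form, a request for 4096 MB stores a low limit of 0 bytes and leaves the high limit untouched; the widened form stores 2^32 and raises the high limit above it.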
Attached patch Bug 1235041.diff
Attachment #8701803 - Flags: review?(jorendorff)
Comment on attachment 8701803
Bug 1235041.diff

Review of attachment 8701803:
-----------------------------------------------------------------

Looks good, thanks for the patch!
Attachment #8701803 - Flags: review?(jorendorff) → review+
Keywords: checkin-needed
Blocks: 1236564
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla46