Skip to content

Commit

Permalink
Bug 1414901 - part 1a - make mozWritePoison respect its documentation…
Browse files Browse the repository at this point in the history
…; r=Waldo

The documentation for mozWritePoison says that only an even number of
sizeof(uintptr_t) bytes are overwritten; any trailing bytes are not
touched.  This documentation doesn't correspond to how the function
actually works.  The function as written will happily overwrite trailing
bytes and any bytes not contained in the object, if the passed-in size
isn't divisible by sizeof(uintptr_t).  Let's fix that.
  • Loading branch information
froydnj committed Mar 6, 2018
1 parent 3758b8f commit 450618b
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion mfbt/Poison.h
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ inline void mozWritePoison(void* aPtr, size_t aSize)
{
const uintptr_t POISON = mozPoisonValue();
char* p = (char*)aPtr;
char* limit = p + aSize;
char* limit = p + (aSize & ~(sizeof(uintptr_t) - 1));
MOZ_ASSERT((uintptr_t)aPtr % sizeof(uintptr_t) == 0, "bad alignment");
MOZ_ASSERT(aSize >= sizeof(uintptr_t), "poisoning this object has no effect");
for (; p < limit; p += sizeof(uintptr_t)) {
Expand Down

0 comments on commit 450618b

Please sign in to comment.