Mercurial > integration > mozilla-inbound / changeset / 48ae8b5e62abe33612418ccb073a00b4ce6bfcd5
summary | shortlog | changelog | pushlog | graph | tags | bookmarks | branches | files | changeset | raw | zip | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Bug 1167489 and bug 1153672. Clamp the resolution of performance.now() calls to 5us, because otherwise we allow various timing attacks that depend on high accuracy timers. r=froydnj
authorBoris Zbarsky <bzbarsky@mit.edu>
Tue, 07 Jul 2015 17:37:50 -0400
changeset 251799 48ae8b5e62abe33612418ccb073a00b4ce6bfcd5
parent 251798 007f1cea86fbca274283ed88165c8140a071cc89
child 251800 e3a5dbe2d697f7b8d05ec8fd2af4025e7e407d50
push id61956
push userbzbarsky@mozilla.com
push dateTue, 07 Jul 2015 21:38:28 +0000
treeherdermozilla-inbound@e3a5dbe2d697 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersfroydnj
bugs1167489, 1153672
milestone42.0a1
first release with
nightly linux32
9b902b7669ae / 42.0a1 / 20150708030204 / files
nightly linux64
9b902b7669ae / 42.0a1 / 20150708030204 / files
nightly mac
9b902b7669ae / 42.0a1 / 20150708030204 / files
nightly win32
9b902b7669ae / 42.0a1 / 20150708030204 / files
nightly win64
9b902b7669ae / 42.0a1 / 20150708030204 / files
last release without
nightly linux32
e7e69cc8c07b / 42.0a1 / 20150707030206 / files
nightly linux64
e7e69cc8c07b / 42.0a1 / 20150707030206 / files
nightly mac
e7e69cc8c07b / 42.0a1 / 20150707030206 / files
nightly win32
e7e69cc8c07b / 42.0a1 / 20150707030206 / files
nightly win64
e7e69cc8c07b / 42.0a1 / 20150707030206 / files
Bug 1167489 and bug 1153672. Clamp the resolution of performance.now() calls to 5us, because otherwise we allow various timing attacks that depend on high accuracy timers. r=froydnj
dom/base/nsPerformance.cpp file | annotate | diff | comparison | revisions 
--- a/dom/base/nsPerformance.cpp
+++ b/dom/base/nsPerformance.cpp
@@ -496,17 +496,21 @@ nsPerformance::Navigation()
     mNavigation = new nsPerformanceNavigation(this);
   }
   return mNavigation;
 }
 
 DOMHighResTimeStamp
 nsPerformance::Now() const
 {
-  return GetDOMTiming()->TimeStampToDOMHighRes(TimeStamp::Now());
+  double nowTimeMs = GetDOMTiming()->TimeStampToDOMHighRes(TimeStamp::Now());
+  // Round down to the nearest 0.005ms (5us), because if the timer is too
+  // accurate people can do nasty timing attacks with it.
+  const double maxResolutionMs = 0.005;
+  return floor(nowTimeMs / maxResolutionMs) * maxResolutionMs;
 }
 
 JSObject*
 nsPerformance::WrapObject(JSContext *cx, JS::Handle<JSObject*> aGivenProto)
 {
   return PerformanceBinding::Wrap(cx, this, aGivenProto);
 }
mozilla-inbound
Deployed from a8f3b23c660e at 2023-03-13T16:25:25Z.