Bug 673808 - _CACHE_MAP_ is storing nsDiskCacheRecord structs with uninitialized data containing bits of Fx memory
authorMichal Novotny <michal.novotny@gmail.com>
Tue, 26 Jul 2011 13:09:42 +0200
changeset 73497 dd7d71277a15b7f485c42499a1699d0ca41a5e78
parent 73496 6fd3e4c0082dd2e8eff2efa5a935ba3d1ccd9b99
child 73498 3a78019c34e596348c52472a00bd17c68236c34f
child 76083 fbeb8b5a8a98eb50b462931668822a3ebd605880
push id20879
push usermnovotny@mozilla.com
push dateThu, 28 Jul 2011 22:42:47 +0000
bugs673808
milestone8.0a1
Bug 673808 - _CACHE_MAP_ is storing nsDiskCacheRecord structs with uninitialized data containing bits of Fx memory
netwerk/cache/nsDiskCacheMap.cpp
--- a/netwerk/cache/nsDiskCacheMap.cpp
+++ b/netwerk/cache/nsDiskCacheMap.cpp
@@ -306,30 +306,31 @@ nsDiskCacheMap::GrowRecords()
     PRInt32 newCount = mHeader.mRecordCount << 1;
     if (newCount > mMaxRecordCount)
         newCount = mMaxRecordCount;
     nsDiskCacheRecord *newArray = (nsDiskCacheRecord *)
             PR_REALLOC(mRecordArray, newCount * sizeof(nsDiskCacheRecord));
     if (!newArray)
         return NS_ERROR_OUT_OF_MEMORY;
 
+    // clear the new uninitialized memory
+    memset(newArray + mHeader.mRecordCount, 0,
+           (newCount - mHeader.mRecordCount) * sizeof(nsDiskCacheRecord));
+
     // Space out the buckets
     PRUint32 oldRecordsPerBucket = GetRecordsPerBucket();
     PRUint32 newRecordsPerBucket = newCount / kBuckets;
     // Work from back to space out each bucket to the new array
     for (int bucketIndex = kBuckets - 1; bucketIndex >= 0; --bucketIndex) {
         // Move bucket
         nsDiskCacheRecord *newRecords = newArray + bucketIndex * newRecordsPerBucket;
         const PRUint32 count = mHeader.mBucketUsage[bucketIndex];
         memmove(newRecords,
                 newArray + bucketIndex * oldRecordsPerBucket,
                 count * sizeof(nsDiskCacheRecord));
-        // Clear the new empty entries
-        for (PRUint32 i = count; i < newRecordsPerBucket; ++i)
-            newRecords[i].SetHashNumber(0);
     }
 
     // Set as the new record array
     mRecordArray = newArray;
     mHeader.mRecordCount = newCount;
     return NS_OK;
 }
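Review bot: Dropping the per-bucket clearing loop leaves stale copies of relocated records in the unused slots `[count, newRecordsPerBucket)` of the lower buckets, because the new up-front `memset` only zeroes the tail added by `PR_REALLOC` (from `mHeader.mRecordCount` to `newCount`). After the back-to-front `memmove`, those slots still hold the old bytes of buckets that were moved further up, so they are no longer marked empty with hash number 0 and, if the whole array is what gets written to `_CACHE_MAP_`, they would be persisted as leftover duplicate records. I would clear them right after the `memmove` with `memset(newRecords + count, 0, (newRecordsPerBucket - count) * sizeof(nsDiskCacheRecord));`, which covers the same slots the removed loop touched and only writes at or above this bucket's new base, so it cannot clobber the source of a bucket that has not been moved yet. The start of `GrowRecords()` lies outside the hunk, so how `mMaxRecordCount` bounds `newCount` cannot be checked from here.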