Bug 1114867 - Manually inline RtlSecureZeroMemory in GMPLoader, to ensure it doesn't wipe its own stack while running. r=dmajor
author Chris Pearce <cpearce@mozilla.com>
Tue, 06 Jan 2015 07:36:42 +1300
changeset 247878 e573fcf6096891655da49bfb170ed62acb3df848
parent 247877 cffdee8c23ad475528fea073db0e368ee5867510
child 247879 c7fdb9bfb6720d288c3cb13dcf4a7eeb4bb1b2d8
push id 4489
push user raliiev@mozilla.com
push date Mon, 23 Feb 2015 15:17:55 +0000
treeherder mozilla-beta@fd7c3dc24146
reviewers dmajor
bugs 1114867
milestone 37.0a1
dom/media/gmp/GMPLoader.cpp
--- a/dom/media/gmp/GMPLoader.cpp
+++ b/dom/media/gmp/GMPLoader.cpp
@@ -151,17 +151,23 @@ GMPLoaderImpl::Load(const char* aLibPath
     // called could have left user identifiable data on the stack,
     // so carefully zero the stack down to the guard page.
     uint8_t* top;
     uint8_t* bottom;
     if (!GetStackAfterCurrentFrame(&top, &bottom)) {
       return false;
     }
     assert(top >= bottom);
-    SecureZeroMemory(bottom, (top - bottom));
+    // Inline instructions equivalent to RtlSecureZeroMemory().
+    // We can't just use RtlSecureZeroMemory here directly, as in debug
+    // builds, RtlSecureZeroMemory() can't be inlined, and the stack
+    // memory it uses would get wiped by itself running, causing crashes.
+    for (volatile uint8_t* p = (volatile uint8_t*)bottom; p < top; p++) {
+      *p = 0;
+    }
   } else
 #endif
   {
     nodeId = std::string(aOriginSalt, aOriginSalt + aOriginSaltLen);
   }
 
   // Start the sandbox now that we've generated the device bound node id.
   // This must happen after the node id is bound to the device id, as
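Review bot: the added comment above the loop "for (volatile uint8_t* p = (volatile uint8_t*)bottom; p < top; p++)" explains why RtlSecureZeroMemory() crashed in debug builds, but it does not state the invariant the replacement depends on: the loop must stay free of function calls, and p, top and bottom must live outside the range being zeroed. I would extend the comment to say so explicitly, so that a later cleanup that swaps the loop for memset() or a helper, or adds a call inside it, does not reintroduce the self-wipe. The volatile qualifier is what keeps the stores from being optimized away, which is also worth a word in the comment. Minor style point: the C-style cast "(volatile uint8_t*)bottom" is not needed, since adding volatile is an implicit conversion, so "volatile uint8_t* p = bottom" is enough.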