memory safety bug with enqueueMap*

[andreasgal]

mPtr is assigned to the pointer returned by enqueue and it is then wrapped into a buffer. The buffer is returned. If the user does an enqueueUnmap*, mPtr is freed, but the buffer object might still be around, and accessing that is bad news.

To make matters worse, ArrayBuffers can be sliced and TypedArray views can be wrapped around them, and all those instances become unsafe.

No trivial fix for this, except copying, which would suck.

[mikeseven]

Yes I know, it's unsafe but I didn't want to do a copy. Maybe there is a way to detect such bad conditions.

--mike

On Wed, Apr 6, 2016 at 4:42 PM -0700, "Andreas Gal" <notifications@github.commailto:notifications@github.com> wrote:

mPtr is assigned to the pointer returned by enqueue and it is then wrapped into a buffer. The buffer is returned. If the user does an enqueueUnmap*, mPtr is freed, but the buffer object might still be around, and accessing that is bad news.

To make matters worse, ArrayBuffers can be sliced and TypedArray views can be wrapped around them, and all those instances become unsafe.

No trivial fix for this, except copying, which would suck.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHubhttps://github.com//issues/43