On Mon, Jul 17, 2017 at 09:52:55AM -0700, Bobby Holley wrote:
On Mon, Jul 17, 2017 at 9:42 AM, Benjamin Smedberg <benja...@smedbergs.us>
wrote:
I don't know really anything about how rust panics get reflected into
crash-data. Who would be the right person to talk to about that?
Rust panics are equivalent to MOZ_CRASHES, and we treat them as such (or at
least try to, see bug 1379857).
Rust makes it easier to put non-constant things in the crash strings, which
can be quite useful (see [1] as an example). They're not used often, and it
seems unlikely that the existing use-cases would pose privacy issues, but I
don't have a good proposal for enforcing that.
It would be nice if we could add a commit hook that required a
data-r tag for any changes that add MOZ_CRASH_UNSAFE_PRINTF or a
Rust panic with a non-static string. I suspect it's something
that most people will tend to overlook. For the cases that are
clearly not data privacy issues, we could accept data-r=trivial,
or something like that.
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
