Re: Allocator mismatches

2009-03-31 Thread Nelson Bolyard
Jean-Marc Desperrier wrote: > Nelson B Bolyard wrote: >> The problem is in the way that Mozilla builds JEMalloc for FF on Windows. >> They build a replacement for the Microsoft C RunTime Library. This >> replacement is a hybrid, built in part from JEMalloc source code, and in >> part from Microsof

Re: Allocator mismatches

2009-03-31 Thread Nelson Bolyard
Neil wrote: > Nelson B Bolyard wrote: >>> I don't have a tool that makes it easy. All I did was piggy-back on a >>> feature of the MSVC debug heap, >> Another feature of the professional package only, sadly. >> > I use VC2005Express... Hmm. Perhaps it is the source code to the debug RTL that

Re: TC TrustCenter Root Inclusion Request

2009-03-31 Thread Eddy Nigg
Rolf, thank you for your answers! On 03/31/2009 10:05 AM, Rolf Lindemann: Regarding b) No, this does not necessarily apply to all sub CAs which might appear in the future. In the future we might also get customers which want to use such certificates externally. We'll add the requirement to publi

Re: Allocator mismatches

2009-03-31 Thread Benjamin Smedberg
On 3/30/09 5:34 PM, Nelson B Bolyard wrote: > The problem is mixing DLLs that use standard VCRT with those that use > Mozilla's modified VCRT. > > As long as there are bugs in the browser of the sort that Neil has found, > developers of libraries upon which the browser depends, who develop with >

Re: Allocator mismatches

2009-03-31 Thread Wan-Teh Chang
On Sun, Mar 29, 2009 at 5:01 PM, Neil wrote: > > Using the above criteria, I found the following allocator mismatches under > security/* > > nsNSSCallbacks.cpp: HandshakeCallback calls Adopt(cipherName) instead of > Assign and PORT_Free. In fact, it can leak cipherName. > > nsNSSCertificate.cpp: s

Re: Allocator mismatches

2009-03-31 Thread Neil
Nelson B Bolyard wrote: The problem is in the way that Mozilla builds JEMalloc for FF on Windows. They build a replacement for the Microsoft C RunTime Library. Ah, but I'm hoping that any solution that they manage to implement for the Mac will be portable to VC Express, since it will only rep

Re: Allocator mismatches

2009-03-31 Thread Jean-Marc Desperrier
Nelson B Bolyard wrote: The problem is in the way that Mozilla builds JEMalloc for FF on Windows. They build a replacement for the Microsoft C RunTime Library. This replacement is a hybrid, built in part from JEMalloc source code, and in part from Microsoft's source code for MSVCRT, which source

Re: TC TrustCenter Root Inclusion Request

2009-03-31 Thread Rolf Lindemann
The open questions about externally operated sub-CAs are (Hope I got all): a) Can you explain into more depth how exactly the relying parties remain company internal? b) Does this apply to all sub CAs which potentially may appear in the future? c) How are the CA certificates protected? d) Can this