Trifecta Tech Foundation, iyo inovaka mapurojekiti akadai se ntpd-rs, sudo-rs, zlib-rs, uye bzip2-rs, yakazivisa shanduko yeFirefox pakushandisa raibhurari ye zlib-rs ye gzip compression uye decompression. Pamusoro pekudzivirira kubva kuzvikanganiso zvekurangarira, kuchinja kubva ku zlib kuenda ku zlib-rs kwakakonzera kuwedzera kukuru kwekushanda - mukuyedza, kukurumidza kwacho kwaive kubva pa3.3 kusvika ku32.5 nguva dzekushanda kwe single decoding uye kubva pa2.7 kusvika ku10.86 nguva dze continuous stream decoding.
Raibhurari ye zlib-rs yakaiswa muFirefox release 151, asi mushure mekubatanidzwa kwayo, vamwe vashandisi vakasangana nedambudziko rakakonzera tsaona nekuda kwekushandiswa kwe out-of-bounds. Zvakacherechedzwa kuti muRust code, dambudziko racho rakakonzera tsaona, nepo muC code, mamiriro akafanana angadai akakonzera kukanganisa kwedata pasina kumisa chirongwa. Semhinduro, raibhurari yekare ye zlib yakadzoserwa kuti ishandiswe mu release 151.0.1.
Kuonekwa kwekutanga kwedambudziko kwakaonekwa panguva yekuyedzwa kwekuvaka kwekutanga kwegore rapfuura, asi kwaisagona kudzokororwa pamasisitimu evagadziri. Pakupedzisira, mushure megore rekuyedza nevashandisi ve beta, zvakasarudzwa kuti zlib-rs igone kugonesa muFirefox 151. Mushure memishumo mitsva yematambudziko uye kuferefetwa kwemaitiro acho, zvakaonekwa kuti kukuvara uku kwakakonzerwa nekukanganisa kwe microcode muIntel CPUs zvichibva pa microarchitecture yechizvarwa che13 ne14 cheRaptor Lake, ine chekuita nekushandiswa kwerejista isiriyo.
Dambudziko iri rakaitika nekuti jenareta rekodhi reLLVM raishandisa murairo wekuti "mov byte ptr [rsi + rdi + 1], ch" pakunyora mhinduro dzeHuffman kumemori. Pakuita murairo uyu paRaptor Lake CPU, pachinzvimbo chekunyora 8-15 bits kubva kuRCX register, inoenderana neCH register yakataurwa mumirairo, bits 0-7, inoenderana neCL register, dzakanyorwa kumemori. Kugadzirisa kwakaitwa pakugadzirira Firefox 152, uye patch yakaendeswa kuburitswa guru rezlib-rs. Kugadzirwa kwemurairo une dambudziko kwakaonekwa muLLVM 22 (haugadzirwe mubazi reLLVM 23 development).
Source: opennet.ru
