1285770 - Seccomp sandbox violation: sys_fallocate called in content process of Firefox desktop

Status: RESOLVED FIXED

(Core :: Security: Process Sandboxing, defect)

Description

[Julian Hector [:tedd] [:jhector]]

Crash reports show that sys_fallocate is called from the content process:

https://crash-stats.mozilla.com/search/?product=Firefox&reason=~SIGSYS&address=0x11d&_sort=-date&_facets=signature&_columns=date&_columns=signature&_columns=product&_columns=version&_columns=build_id&_columns=platform#crash-reports

Comment 1

[Emilio Cobos Álvarez (:emilio)]

Just in case it helps, this happens consistently for me when printing to a file.

Also, crash happens just after reaching a supposedly unreached code:

[Child 8846] ###!!! ASSERTION: Deallocator for PPrintProgressDialogChild should not be called on nsPrintingProxy.: 'Not Reached'

http://searchfox.org/mozilla-central/source/embedding/components/printingui/ipc/nsPrintingProxy.cpp#227

Comment 2

[David Baron :dbaron: (⌚️UTC-4, no longer working on Mozilla)]

Attachment: stack trace, crashed due to printing to file

Just crashed trying to print a boarding pass to PDF.

Comment 3

[Jed Davis [:jld] ⟨⏰|UTC-7⟩ ⟦he/him⟧]

Looks like we need to whitelist this at least until we have proper e10s-enabled printing on Linux.

Comment 4

[Julian Hector [:tedd] [:jhector]]

Attachment: Add sys_fallocate to seccomp whitelist. r=gcp

Try push: https://treeherder.mozilla.org/#/jobs?repo=try&revision=c020cee1bab7

Comment 5

[Julian Hector [:tedd] [:jhector]]

Try in Comment 4

Comment 6

[Pulsebot]

Pushed by cbook@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/7107f6c51542
Add sys_fallocate to seccomp whitelist. r=gcp

Comment 7

[Carsten Book [:Tomcat]]

https://hg.mozilla.org/mozilla-central/rev/7107f6c51542