Closed Bug 1314836 Opened 8 years ago Closed 4 years ago

Use of rand() in GetNewOrUsedBrowserProcess

Categories

(Core :: DOM: Core & HTML, defect, P3)

Product:
Core
Component:
DOM: Core & HTML
Version:
55 Branch
Type:
defect

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: jesup, Unassigned)

References

Details

+++ This bug was initially created as a clone of Bug #1304140 +++

GetNewOrUsedBrowserProcess() now uses rand() and will cause some tools to complain since rand() is generally not security-safe.  That might not matter in this case; if so at least it should be commented as irrelevant.
Flags: needinfo?(michael)
Summary: Use of rand() → Use of rand() in GetNewOrUsedBrowserProcess
The use of rand() being added by my code seems like a rebasing error on my part. I did not intend to modify the content process selection model at all unless the aFreshProcess flag was enabled. Either I or someone else should make a patch to change it back to the way it worked before.
Flags: needinfo?(michael)
(In reply to Bob Owen (:bobowen) from comment #2)
> Looks like it was added a while ago for Bug 762802:
> https://hg.mozilla.org/mozilla-central/rev/
> d3212385b1aff58fe9b23793d93316f92bef640f

Predates that; the bug 762802 changeset just touched that line.  The static-analysis detector fired a 'new' hit because Michael touched the line.  Since it's not new, it's less of an issue - and the static analysis won't complain until it's touched again.  A comment that it's ok and not a sec issue might avoid confusion next time.
Component: DOM → DOM: Core & HTML

This rand() was removed in bug 1333799 (deterministic process selection in Firefox 55).

Status: NEW → RESOLVED
Closed: 4 years ago
Depends on: 1333799
Resolution: --- → FIXED
Version: unspecified → 55 Branch
You need to log in before you can comment on or make changes to this bug.