Closed Bug 1027916 Opened 10 years ago Closed 8 years ago

The constructor for the `SandboxBroker` singleton is not thread-safe

Categories

(Core :: Security: Process Sandboxing, defect)

Product:
Core
Component:
Security: Process Sandboxing
Platform:
x86_64
Windows 8.1
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1256992

People

(Reporter: TimAbraldes, Unassigned)

References

Details

See [1]. Multiple threads could get through the initial `if` check and call `sBrokerService->Init`. Since the second call will fail and set `sBrokerService` to `nullptr`, this could lead to us dereferencing a nullptr in the thread whose call to `sBrokerService->Init` succeeded.

[1] https://mxr.mozilla.org/mozilla-central/source/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp?rev=75ae09718c5c#16
Move process sandboxing bugs to their new, separate component.

(Sorry for the bugspam; filter on 3c21328c-8cfb-4819-9d88-f6e965067350.)
Component: Security → Security: Process Sandboxing
Looks like this is happening, crash reported in bug 1256992.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.