Closed
Bug 1033920
Opened 10 years ago
Closed 10 years ago
Null-deref in XrayWrapper<Base, Traits>::setPrototypeOf when setting prototype to null
Categories
(Core :: XPConnect, defect)
Tracking
()
RESOLVED
FIXED
mozilla33
People
(Reporter: bholley, Assigned: bholley)
References
Details
(Keywords: regression)
Attachments
(1 file)
2.01 KB,
patch
|
efaust
:
review+
Sylvestre
:
approval-mozilla-aurora+
Sylvestre
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
No description provided.
Assignee | ||
Comment 1•10 years ago
|
||
This is a regression from bug 926012. We have the ability to mutate the prototype of an XrayWrapper for a given origin, without altering the prototype of the underlying object. The current code doesn't handle the valid case of setting the prototype to null, and crashes. Simple 1-line fix. I'll attach a patch.
Blocks: 926012
Keywords: regression
Summary: Null-deref in XrayWrapper<Base, Traits>::setPrototypeOf → Null-deref in XrayWrapper<Base, Traits>::setPrototypeOf when setting prototype to null
Assignee | ||
Comment 2•10 years ago
|
||
Attachment #8449958 -
Flags: review?(efaustbmo)
Assignee | ||
Comment 3•10 years ago
|
||
Comment on attachment 8449958 [details] [diff] [review] Handle null in XrayWrapper::setPrototypeOf. v1 This is an extremely low-risk fix, so I think we should take it for aurora and beta. Approval Request Comment [Feature/regressing bug #]: bug 926012 [User impact if declined]: Addons and frontend code can cause crashes by doing something very reasonable. Confusing for authors if they notice, bad for users if they don't. [Describe test coverage new/current, TBPL]: xpcshell-test. [Risks and why]: Extremely low risk. [String/UUID change made/needed]: None.
Attachment #8449958 -
Flags: approval-mozilla-beta?
Attachment #8449958 -
Flags: approval-mozilla-aurora?
Comment 4•10 years ago
|
||
Comment on attachment 8449958 [details] [diff] [review] Handle null in XrayWrapper::setPrototypeOf. v1 Review of attachment 8449958 [details] [diff] [review]: ----------------------------------------------------------------- bah, nice catch. r=efaust
Attachment #8449958 -
Flags: review?(efaustbmo) → review+
Comment 5•10 years ago
|
||
I can back Bobby that this fix is trivial, and should be uplifted.
Assignee | ||
Comment 6•10 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/0072f8f77941
Comment 7•10 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/0072f8f77941
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla33
Updated•10 years ago
|
Comment 8•10 years ago
|
||
Comment on attachment 8449958 [details] [diff] [review] Handle null in XrayWrapper::setPrototypeOf. v1 Low risk, fix a crash, test. I love this kind of uplift ;) Thanks Bobby!
Attachment #8449958 -
Flags: approval-mozilla-beta?
Attachment #8449958 -
Flags: approval-mozilla-beta+
Attachment #8449958 -
Flags: approval-mozilla-aurora?
Attachment #8449958 -
Flags: approval-mozilla-aurora+
Comment 9•10 years ago
|
||
https://hg.mozilla.org/releases/mozilla-aurora/rev/0c294941cc3e https://hg.mozilla.org/releases/mozilla-beta/rev/1854467b1311
You need to log in
before you can comment on or make changes to this bug.
Description
•