1069700 - Linux sandbox failures double-crash in non-XPCOM processes

Status: RESOLVED FIXED

(Core :: Security, defect)

Description

[Jed Davis [:jld] ⟨⏰|UTC-7⟩ ⟦he/him⟧]

The code in security/sandbox/linux/glue/SandboxCrash.cpp that tries to log the current JavaScript stack (if on the main thread, and there is one) doesn't correctly handle the case where the process doesn't have an nsIXPConnect instance: it crashes, either with an assertion failure (debug) or a segfault (non-debug).  Specifically, this is the case for Gecko Media Plugin processes.

This happens *after* the crash reporter has already been invoked and prepared itself to reraise the original crash, so it's not a major problem, but it does result in confusing log messages (on stderr for the assertion failure, and/or in the kernel log for a segfault), and the fix is simple.

Comment 1

[Jed Davis [:jld] ⟨⏰|UTC-7⟩ ⟦he/him⟧]

Attachment: bug1069700-gmp-no-jsstack-hg0.diff

Comment 2

[Jed Davis [:jld] ⟨⏰|UTC-7⟩ ⟦he/him⟧]

https://tbpl.mozilla.org/?tree=Try&rev=4260a7c217cf
https://treeherder.mozilla.org/ui/#/jobs?repo=try&revision=4260a7c217cf

And tested locally on B2G with a deliberate content sandbox crash to make sure the JS stack logging still works in that case.

Comment 3

[Guillaume Destuynder [:kang] [this account is no longer active]]

Comment on attachment 8491952 [details] [diff] [review]
bug1069700-gmp-no-jsstack-hg0.diff

Review of attachment 8491952 [details] [diff] [review]:
-----------------------------------------------------------------

looks safe

Comment 4

[Jed Davis [:jld] ⟨⏰|UTC-7⟩ ⟦he/him⟧]

See comment #2 for testing notes.

Comment 5

[Ryan VanderMeulen [:RyanVM]]

https://hg.mozilla.org/integration/mozilla-inbound/rev/f014f2bef4b7

Comment 6

[Wes Kocher (:KWierso) (Not reading bugmail; email directly if needed)]

https://hg.mozilla.org/mozilla-central/rev/f014f2bef4b7