Closed Bug 1069700 Opened 5 years ago Closed 5 years ago

Linux sandbox failures double-crash in non-XPCOM processes

Categories

(Core :: Security, defect, minor)

Hardware: All
OS: Linux
Type: defect
Priority: Not set
Severity: minor

Tracking

Status: RESOLVED FIXED
Target Milestone: mozilla35

People

(Reporter: jld, Assigned: jld)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

The code in security/sandbox/linux/glue/SandboxCrash.cpp that tries to log the current JavaScript stack (if on the main thread, and there is one) doesn't correctly handle the case where the process doesn't have an nsIXPConnect instance: it crashes, either with an assertion failure (debug) or a segfault (non-debug).  Specifically, this is the case for Gecko Media Plugin processes.

This happens *after* the crash reporter has already been invoked and prepared itself to reraise the original crash, so it's not a major problem, but it does result in confusing log messages (on stderr for the assertion failure, and/or in the kernel log for a segfault), and the fix is simple.

Attachment #8491952 - Flags: review?(gdestuynder)
https://tbpl.mozilla.org/?tree=Try&rev=4260a7c217cf
https://treeherder.mozilla.org/ui/#/jobs?repo=try&revision=4260a7c217cf

And tested locally on B2G with a deliberate content sandbox crash to make sure the JS stack logging still works in that case.

Comment on attachment 8491952 [details] [diff] [review]
bug1069700-gmp-no-jsstack-hg0.diff

Review of attachment 8491952 [details] [diff] [review]:
-----------------------------------------------------------------

looks safe
Attachment #8491952 - Flags: review?(gdestuynder) → review+

See comment #2 for testing notes.
Keywords: checkin-needed

https://hg.mozilla.org/mozilla-central/rev/f014f2bef4b7
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla35