Closed
Bug 1127780
Opened 9 years ago
Closed 9 years ago
Bug 1125015 caused null deref crash
Categories
(Core :: XPConnect, defect)
Tracking
()
RESOLVED
FIXED
mozilla31
| Tracking | Status | |
|---|---|---|
| firefox36 | --- | unaffected |
| firefox37 | --- | unaffected |
| firefox38 | --- | unaffected |
| firefox-esr31 | 37+ | fixed |
| b2g-v1.4 | --- | wontfix |
| b2g-v2.0 | --- | fixed |
| b2g-v2.1 | --- | fixed |
| b2g-v2.2 | --- | unaffected |
| b2g-master | --- | unaffected |
People
(Reporter: moz_bug_r_a4, Assigned: bholley)
Details
(Keywords: sec-other, Whiteboard: [adv-esr31.6-])
Attachments
(2 files)
|
92 bytes,
text/html
|
Details | |
|
1.08 KB,
patch
|
bzbarsky
:
review+
bkerensa
:
approval-mozilla-esr31+
bajaj
:
approval-mozilla-b2g32+
bajaj
:
approval-mozilla-b2g34+
|
Details | Diff | Splinter Review |
https://hg.mozilla.org/releases/mozilla-esr31/file/50cad2d9985b/js/xpconnect/wrappers/XrayWrapper.h#l127 An XrayWrapper's prototype can be null if content modified the prototype chain.
|
Reporter | |
Comment 1•9 years ago
|
||
This works on esr31 nightly builds after bug 1125015 fixed.
|
||
Comment 2•9 years ago
|
||
Null deref crash, so I'm marking this sec-other. I think it is just hidden because the other bug is hidden.
Keywords: sec-other
|
Assignee | |
Comment 3•9 years ago
|
||
Thanks moz_bug_r_a4!
Attachment #8558691 -
Flags: review?(bzbarsky)
|
|
Assignee | |
Updated•9 years ago
|
Assignee: nobody → bobbyholley
|
|
Assignee | |
Comment 4•9 years ago
|
||
Comment on attachment 8558691 [details] [diff] [review] Null check. v1 [Approval Request Comment] If this is not a sec:{high,crit} bug, please state case for ESR consideration: User impact if declined: Null-deref crashes Fix Landed on Version: This affects esr31 only. Risk to taking this patch (and alternatives if risky): Close to zero. String or UUID changes made by this patch: None. See https://wiki.mozilla.org/Release_Management/ESR_Landing_Process for more info.
Attachment #8558691 -
Flags: approval-mozilla-esr31?
|
||
Comment 5•9 years ago
|
||
Comment on attachment 8558691 [details] [diff] [review] Null check. v1 r=me
Attachment #8558691 -
Flags: review?(bzbarsky) → review+
|
||
Updated•9 years ago
|
Attachment #8558691 -
Flags: approval-mozilla-esr31? → approval-mozilla-esr31+
|
||
Comment 6•9 years ago
|
||
Sorry, I missed this earlier because I normally only look for fixed bugs :(. Bobby, can you please nominate this for b2g32/b2g34 approval when you get a chance? I've verified that it applies cleanly to both. https://hg.mozilla.org/releases/mozilla-esr31/rev/355aa3aae1ab
Status: NEW → RESOLVED
Closed: 9 years ago
status-b2g-v1.4:
--- → wontfix
status-b2g-v2.0:
--- → affected
status-b2g-v2.1:
--- → affected
status-b2g-v2.2:
--- → unaffected
status-b2g-master:
--- → unaffected
status-firefox36:
--- → unaffected
status-firefox37:
--- → unaffected
status-firefox38:
--- → unaffected
status-firefox-esr31:
--- → fixed
Flags: needinfo?(bobbyholley)
Resolution: --- → FIXED
Target Milestone: --- → mozilla31
|
|
Assignee | |
Updated•9 years ago
|
Flags: needinfo?(bobbyholley)
Attachment #8558691 -
Flags: approval-mozilla-b2g34?
Attachment #8558691 -
Flags: approval-mozilla-b2g32?
|
|
||
Updated•9 years ago
|
tracking-firefox-esr31:
--- → 37+
|
||
Updated•9 years ago
|
Attachment #8558691 -
Flags: approval-mozilla-b2g34?
Attachment #8558691 -
Flags: approval-mozilla-b2g34+
Attachment #8558691 -
Flags: approval-mozilla-b2g32?
Attachment #8558691 -
Flags: approval-mozilla-b2g32+
|
|
||
Comment 8•9 years ago
|
||
https://hg.mozilla.org/releases/mozilla-b2g34_v2_1/rev/8478c7bd428e https://hg.mozilla.org/releases/mozilla-b2g32_v2_0/rev/cfaa08622d8d
|
||
Updated•9 years ago
|
Whiteboard: [adv-esr31.6-]
|
||
Updated•9 years ago
|
Group: core-security → core-security-release
|
||
Updated•8 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•