Use of rand() in GetNewOrUsedBrowserProcess

NEW
Unassigned

Status

()

Core
DOM
P3
normal
a year ago
a year ago

People

(Reporter: jesup, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

a year ago
+++ This bug was initially created as a clone of Bug #1304140 +++

GetNewOrUsedBrowserProcess() now uses rand() and will cause some tools to complain since rand() is generally not security-safe.  That might not matter in this case; if so at least it should be commented as irrelevant.
(Reporter)

Updated

a year ago
Flags: needinfo?(michael)
Summary: Use of rand() → Use of rand() in GetNewOrUsedBrowserProcess
The use of rand() being added by my code seems like a rebasing error on my part. I did not intend to modify the content process selection model at all unless the aFreshProcess flag was enabled. Either I or someone else should make a patch to change it back to the way it worked before.
Flags: needinfo?(michael)
Looks like it was added a while ago for Bug 762802:
https://hg.mozilla.org/mozilla-central/rev/d3212385b1aff58fe9b23793d93316f92bef640f
(Reporter)

Comment 3

a year ago
(In reply to Bob Owen (:bobowen) from comment #2)
> Looks like it was added a while ago for Bug 762802:
> https://hg.mozilla.org/mozilla-central/rev/
> d3212385b1aff58fe9b23793d93316f92bef640f

Predates that; the bug 762802 changeset just touched that line.  The static-analysis detector fired a 'new' hit because Michael touched the line.  Since it's not new, it's less of an issue - and the static analysis won't complain until it's touched again.  A comment that it's ok and not a sec issue might avoid confusion next time.
You need to log in before you can comment on or make changes to this bug.