Closed
Bug 1322760
Opened 8 years ago
Closed 7 years ago
investigate why the private browsing boolean and private browsing origin ID aren't always the same in global window
Categories
(Core :: DOM: Security, defect, P1)
Core
DOM: Security
Tracking
()
RESOLVED
DUPLICATE
of bug 1319951
People
(Reporter: huseby, Assigned: ehsan.akhgari)
References
Details
(Whiteboard: [OA][domsecurity-active])
Attachments
(1 file)
1.20 KB,
patch
|
Details | Diff | Splinter Review |
Bug 1321969 came up because an assert added in Bug 1316075 caused a spike in crashes. This bug is for finding a test case and to better understand why the assert was being triggered.
Reporter | ||
Comment 1•8 years ago
|
||
Will you give me a priority on this please? Thanks!
Flags: needinfo?(tanvi)
Comment 2•8 years ago
|
||
[Tracking Requested - why for this release]: We relaxed a diagnostic assert that was triggering in FF53. We need to figure out what went wrong here before FF53 ships.
tracking-firefox53:
--- → ?
Comment 3•8 years ago
|
||
So if I understand correctly, the assertion added here - https://bugzilla.mozilla.org/attachment.cgi?id=8815588&action=diff#a/dom/base/nsGlobalWindow.cpp_sec4 - in bug 1316075 fired and caused crashes (bug 1321969). The assertion was added because we previously converted that call site to use the Origin Attribute private browsing mode flag instead of the boolean (in bug 1276328) and wanted to make sure that we didn't make a mistake. Bug 1276328 landed in Firefox 50. We need to figure out why we have a mismatch, and which value is right - the Origin Attribute or the previous boolean. Then we need to change the behavior accordingly. If the behavior of the OA is wrong and the boolean was right, then we need to switch back to the boolean and uplift up as far as we can. If the behavior of the boolean was wrong, then we started using the right value with Firefox 50+. Given this is in "GetLocalStorage", we may end up leaking across private mode and regular mode if we don't have the right value.
Reporter | ||
Comment 5•7 years ago
|
||
this patch restores the assert that was causing the crashes. I have solid repro steps: 0. apply the patch to nightly. 1. enable private browsing autostart. 2. install the Blur addon. crash. I am not unstuck.
Flags: needinfo?(tanvi)
Flags: needinfo?(kjozwiak)
Flags: needinfo?(ehsan)
Reporter | ||
Comment 6•7 years ago
|
||
I am *now* unstuck.
Reporter | ||
Comment 7•7 years ago
|
||
Looking at the crash in visual studio reveals that on startup, the PB origin attribute is 0, but the IsPrivateBrowsing() function returns true because PB autostart is enabled.
Updated•7 years ago
|
Whiteboard: [OA] → [OA][domsecurity-active]
Assignee | ||
Comment 8•7 years ago
|
||
Dave is away right now, I'll have a look at this later today.
Assignee: huseby → ehsan
Flags: needinfo?(ehsan)
Assignee | ||
Comment 9•7 years ago
|
||
First interesting fact, looking at <https://crash-stats.mozilla.com/signature/?product=Firefox&version=53.0a1&signature=nsGlobalWindow::GetLocalStorage&date=%3E%3D2016-12-02T14:48:24.000Z&date=%3C2016-12-03T14:48:24.000Z&_columns=date&_columns=product&_columns=version&_columns=build_id&_columns=platform&_columns=reason&_columns=address&_sort=-date&page=1#correlations>, this crash is correlated with a number of add-ons, including Blur.
Assignee | ||
Comment 10•7 years ago
|
||
OK, the problem here is the same thing that I described back in bug 1316075 comment 17 (item #2 there) which we filed bug 1319951 for. Here we simply have a system principal with pbId==0 and we're comparing that against browser.xul's docshell. I don't think there's any point in having more than one bug for this, so duping.
Assignee | ||
Updated•7 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
Updated•7 years ago
|
Flags: needinfo?(kjozwiak)
Updated•7 years ago
|
Flags: needinfo?(tanvi)
Assignee | ||
Comment 12•7 years ago
|
||
Bug 1319951 is already tracking-firefox53+.
tracking-firefox53:
+ → ---
You need to log in
before you can comment on or make changes to this bug.
Description
•