Closed Bug 1338895 Opened 3 years ago Closed 3 years ago

Avoid non-smart string IDL types in remaining PSM IDL files

Categories: Core :: Security: PSM, defect, P1

Status: RESOLVED FIXED (mozilla55)
Tracking Status: firefox55 --- fixed

People: Reporter: Cykesiopka, Assigned: Cykesiopka

Details: Whiteboard: [psm-assigned]

Attachments: 1 file

Smart string classes like nsCString are safer to use than raw |char*| strings, and are typically easier to deal with as well.
Comment on attachment 8841328 [details]
Bug 1338895 - Avoid non-smart string IDL types in remaining PSM IDL files.

https://reviewboard.mozilla.org/r/115576/#review116992

aklotz: Please review the nsJAR changes.
keeler: Please review everything else.

Thanks.
Comment on attachment 8841328 [details]
Bug 1338895 - Avoid non-smart string IDL types in remaining PSM IDL files.

https://reviewboard.mozilla.org/r/115576/#review117654

Hey, sorry this is taking a while. I did want to give you some feedback sooner rather than later, though. First is the one comment (below) and second is maybe we should remove <keygen> first? (I think we can remove nsITokenDialogs.ChooseToken if we do.)

::: security/manager/pki/nsNSSDialogs.cpp:78
(Diff revision 1)
>  
>    nsCOMPtr<nsIDialogParamBlock> block =
>             do_CreateInstance(NS_DIALOGPARAMBLOCK_CONTRACTID);
>    if (!block) return NS_ERROR_FAILURE;
>  
> -  rv = block->SetString(1, tokenName);
> +  nsresult rv = block->SetString(1, PromiseFlatString(tokenName).get());
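
Review bot: On the added `SetString` line, `PromiseFlatString(tokenName).get()` hands `block` a pointer into a temporary that is destroyed when the statement ends, so the call is only correct if `SetString` copies the characters before it returns. Please state that assumption in a short comment above the call, or bind the flat string to a named local so its lifetime is visible to the next reader. Since `rv` is now declared on this line, also check that the code following the call still tests it.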

Is this guaranteed to be safe? If I understand correctly, the temporary will be destructed, so block would have to copy the memory, but afaict it doesn't: https://dxr.mozilla.org/mozilla-central/rev/e1135c6fdc9bcd80d38f7285b269e030716dcb72/toolkit/components/windowwatcher/nsDialogParamBlock.cpp#83 (it's just storing pointers as far as I can see).
Comment on attachment 8841328 [details]
Bug 1338895 - Avoid non-smart string IDL types in remaining PSM IDL files.

https://reviewboard.mozilla.org/r/115576/#review117654

No worries, take your time.

I've been itching to get rid of <keygen> for years. Can we get rid of it in the near future though? I got the impression from Bug 1284945 that we still want to collect more data before making the call.

> Is this guaranteed to be safe? If I understand correctly, the temporary will be destructed, so block would have to copy the memory, but afaict it doesn't: https://dxr.mozilla.org/mozilla-central/rev/e1135c6fdc9bcd80d38f7285b269e030716dcb72/toolkit/components/windowwatcher/nsDialogParamBlock.cpp#83 (it's just storing pointers as far as I can see).

AFAICT this is safe.

In particular, `mString` is an array of `nsString`:
https://hg.mozilla.org/mozilla-central/file/e1135c6fdc9bcd80d38f7285b269e030716dcb72/toolkit/components/windowwatcher/nsDialogParamBlock.cpp#l34

... so doing `mString[aIndex] = aString;` invokes `operator=`, which just calls `Assign(...)`:
https://hg.mozilla.org/mozilla-central/file/e1135c6fdc9bcd80d38f7285b269e030716dcb72/xpcom/string/nsTString.h#l79
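
The lifetime question in this exchange, as an added C++ sketch that is not Mozilla code: `FlatTemp`, `CopyingBlock` and `PointerBlock` are hypothetical stand-ins for the flat-string temporary and for a param block that copies its argument versus one that keeps the caller's pointer. The temporary's buffer is static storage scrubbed on destruction, an assumption made so the stale read stays well-defined.

```cpp
// Added illustration; not Mozilla code. All names here are hypothetical.
#include <cstdio>
#include <cstring>
#include <string>

// Stand-in for a flat-string temporary. Its buffer is static storage, so
// reading it after the temporary dies is defined, and the destructor
// scrubs it so that a stale pointer becomes visible.
static char gScratch[32];
struct FlatTemp {
  explicit FlatTemp(const std::string& s) {
    std::strncpy(gScratch, s.c_str(), sizeof(gScratch) - 1);
    gScratch[sizeof(gScratch) - 1] = '\0';
  }
  ~FlatTemp() { std::memset(gScratch, 'X', sizeof(gScratch) - 1); }
  const char* get() const { return gScratch; }
};

// Owns its strings: assigning from const char* copies the characters.
struct CopyingBlock {
  std::string mString[2];
  void SetString(int aIndex, const char* aString) { mString[aIndex] = aString; }
  std::string GetString(int aIndex) const { return mString[aIndex]; }
};

// Keeps only the caller's pointer: valid only while the caller's buffer is.
struct PointerBlock {
  const char* mString[2] = {nullptr, nullptr};
  void SetString(int aIndex, const char* aString) { mString[aIndex] = aString; }
  std::string GetString(int aIndex) const { return mString[aIndex]; }
};

std::string ReadBackFromCopyingBlock(const std::string& tokenName) {
  CopyingBlock block;
  block.SetString(1, FlatTemp(tokenName).get());  // temporary dies at the ';'
  return block.GetString(1);                      // the block's own copy
}

std::string ReadBackFromPointerBlock(const std::string& tokenName) {
  PointerBlock block;
  block.SetString(1, FlatTemp(tokenName).get());  // temporary dies at the ';'
  return block.GetString(1);                      // scrubbed bytes, not tokenName
}

int main() {
  std::printf("copying: %s\n", ReadBackFromCopyingBlock("Example Token").c_str());
  std::printf("pointer: %s\n", ReadBackFromPointerBlock("Example Token").c_str());
}
```
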
Comment on attachment 8841328 [details]
Bug 1338895 - Avoid non-smart string IDL types in remaining PSM IDL files.

https://reviewboard.mozilla.org/r/115576/#review117654

Well, fairly near future, I think - it looks like it will be gone from Chrome 57: https://www.chromestatus.com/feature/5716060992962560 (although we probably should wait and see if that sticks).

> AFAICT this is safe.
> 
> In particular, `mString` is an array of `nsString`:
> https://hg.mozilla.org/mozilla-central/file/e1135c6fdc9bcd80d38f7285b269e030716dcb72/toolkit/components/windowwatcher/nsDialogParamBlock.cpp#l34
> 
> ... so doing `mString[aIndex] = aString;` invokes `operator=`, which just calls `Assign(...)`:
> https://hg.mozilla.org/mozilla-central/file/e1135c6fdc9bcd80d38f7285b269e030716dcb72/xpcom/string/nsTString.h#l79

Oh, right, of course. I was misunderstanding that code.
Comment on attachment 8841328 [details]
Bug 1338895 - Avoid non-smart string IDL types in remaining PSM IDL files.

https://reviewboard.mozilla.org/r/115576/#review118054

LGTM.
Attachment #8841328 - Flags: review?(dkeeler) → review+
aklotz: Review ping?
Comment on attachment 8841328 [details]
Bug 1338895 - Avoid non-smart string IDL types in remaining PSM IDL files.

https://reviewboard.mozilla.org/r/115576/#review121128
Attachment #8841328 - Flags: review?(aklotz) → review+
Thanks for the reviews!

https://treeherder.mozilla.org/#/jobs?repo=try&revision=7380b6d1bb2e92ba9f7865c1aeab94f740fc7a77
(Pretty sure the SM(arm) failure is something from my base commit.)
Keywords: checkin-needed
Pushed by ryanvm@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/19ca68cbfe3d
Avoid non-smart string IDL types in remaining PSM IDL files. r=aklotz,keeler
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/19ca68cbfe3d
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla55