Closed Bug 1374238 Opened 8 years ago Closed 8 years ago

nsIOService::SpeculativeConnectInternal crashes when given a null URI

Tracking

()

Status:

RESOLVED FIXED

Milestone:

mozilla56

Tracking Flags:

Tracking

Status

firefox56

---

fixed

People

(Reporter: florian, Assigned: schien)

Details

(Whiteboard: [necko-active])

Attachments

(1 file)

Bug 1374238 - add null check for nsIOService::SpeculativeConnectInternal. 8 years ago Shih-Chiang Chien [:schien] (UTC+8) (use ni? plz) 59 bytes, text/x-review-board-request	dragana : review+	Details

Florian Quèze [:florian]

Reporter

Description

•

8 years ago

nsIOService::SpeculativeConnectInternal misses a null check on its aURI parameter, and calling this code: Services.io.QueryInterface(Ci.nsISpeculativeConnect).speculativeConnect(null, null); crashes at http://searchfox.org/mozilla-central/rev/7cc377ce3f0a569c5c9b362d589705cd4fecc0ac/netwerk/base/nsIOService.cpp#1829 Of course no front-end code would intentionally attempt to speculatively connect to a null uri, but it could happen as an accident if a newURI call in a try block throws due to an invalid url.

Comment hidden (mozreview-request)

Dragana Damjanovic [:dragana]

Comment 2

•

8 years ago

mozreview-review

Comment on attachment 8879094 [details] Bug 1374238 - add null check for nsIOService::SpeculativeConnectInternal. https://reviewboard.mozilla.org/r/150438/#review155044 ::: netwerk/base/nsIOService.cpp:1830 (Diff revision 1) > nsIInterfaceRequestor *aCallbacks, > bool aAnonymous) > { > + if (!aURI) { > + return NS_ERROR_INVALID_ARG; > + } use NS_ENSURE_ARG_POINTER(aURI);

Shih-Chiang Chien [:schien] (UTC+8) (use ni? plz)

Assignee

Comment 3

•

8 years ago

mozreview-review

Comment on attachment 8879094 [details] Bug 1374238 - add null check for nsIOService::SpeculativeConnectInternal. https://reviewboard.mozilla.org/r/150438/#review155052 ::: netwerk/base/nsIOService.cpp:1830 (Diff revision 1) > nsIInterfaceRequestor *aCallbacks, > bool aAnonymous) > { > + if (!aURI) { > + return NS_ERROR_INVALID_ARG; > + } Aren't we trying to prevent using NS_ENSURE_* API?

Valentin Gosu [:valentin] (he/him)

Updated

•

8 years ago

Assignee: nobody → schien

Whiteboard: [necko-active]

Dragana Damjanovic [:dragana]

Comment 4

•

8 years ago

mozreview-review

Comment on attachment 8879094 [details] Bug 1374238 - add null check for nsIOService::SpeculativeConnectInternal. https://reviewboard.mozilla.org/r/150438/#review155158 ::: netwerk/base/nsIOService.cpp:1830 (Diff revision 1) > nsIInterfaceRequestor *aCallbacks, > bool aAnonymous) > { > + if (!aURI) { > + return NS_ERROR_INVALID_ARG; > + } I did not know about that, do you remember when have we decided it?

Valentin Gosu [:valentin] (he/him)

Comment 5

•

8 years ago

(In reply to Dragana Damjanovic [:dragana] from comment #4) > > I did not know about that, do you remember when have we decided it? "Previously the NS_ENSURE_* macros were used for this purpose, but those macros hide return statements and should not be used in new code. (This coding style rule isn't generally agreed, so use of NS_ENSURE_* can be valid.)" https://developer.mozilla.org/en-US/docs/Mozilla/Developer_guide/Coding_Style#Use_the_nice_macros This is not enforced in netwerk/* and I have seen some patches recently that use it.

Shih-Chiang Chien [:schien] (UTC+8) (use ni? plz)

Assignee

Comment 6

•

8 years ago

Thansk @valentin for adding the reference. Yes, there are discussions about banning NS_ENSURE_* on dev-platform and it came back from time to time. I can modify my patch if we are ok with adding new code using NS_ENSURE_*. In this case we should use NS_ENSURE_ARG since aURI is a input parameter.

Dragana Damjanovic [:dragana]

Comment 7

•

8 years ago

(In reply to Shih-Chiang Chien [:schien] (UTC+8) (use ni? plz) from comment #6) > Thansk @valentin for adding the reference. Yes, there are discussions about > banning NS_ENSURE_* on dev-platform and it came back from time to time. I > can modify my patch if we are ok with adding new code using NS_ENSURE_*. In > this case we should use NS_ENSURE_ARG since aURI is a input parameter. we can use NS_ENSURE_* API for this purpose. Please update the patch.

Comment hidden (mozreview-request)

Dragana Damjanovic [:dragana]

Comment 9

•

8 years ago

mozreview-review

Comment on attachment 8879094 [details] Bug 1374238 - add null check for nsIOService::SpeculativeConnectInternal. https://reviewboard.mozilla.org/r/150438/#review156074

Attachment #8879094 - Flags: review?(dd.mozilla) → review+

Pulsebot

Comment 10

•

8 years ago

Pushed by schien@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/6fea04e76286 add null check for nsIOService::SpeculativeConnectInternal. r=dragana

Wes Kocher (:KWierso) (Not reading bugmail; email directly if needed)

Comment 11

•

8 years ago

bugherder

https://hg.mozilla.org/mozilla-central/rev/6fea04e76286

Status: NEW → RESOLVED

Closed: 8 years ago

status-firefox56: --- → fixed

Resolution: --- → FIXED

Target Milestone: --- → mozilla56

You need to log in before you can comment on or make changes to this bug.

Bugzilla

nsIOService::SpeculativeConnectInternal crashes when given a null URI

Categories

(Core :: Networking, defect)

Tracking

()

People

(Reporter: florian, Assigned: schien)

References

Details

(Whiteboard: [necko-active])

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Comment 1

Comment 2

Comment 3

Updated

Comment 4

Comment 5

Comment 6

Comment 7

Comment 8

Comment 9

Comment 10

Comment 11

Attachment

General

Description

File Name

Content Type