Closed Bug 1410073 Opened 6 years ago Closed 6 years ago

Load user32.dll immediately after the DLL Blocklist is in place.

Tracking

()

Status:

RESOLVED FIXED

Milestone:

mozilla58

Tracking Flags:

Tracking

Status

firefox58

---

fixed

People

(Reporter: bobowen, Assigned: bobowen)

References

Details

(Whiteboard: sb+)

Attachments

(1 file)

Load user32.dll immediately after the DLL Blocklist is in place 6 years ago Bob Owen (:bobowen) 1.42 KB, patch	bugzilla : review+	Details \| Diff \| Splinter Review

Bob Owen (:bobowen)

Assignee

Description

•

6 years ago

When using an alternate desktop as part of the process sandbox, some anti-virus products are triggering bug 1400637.

This happens when the AV injects a thread early on, which causes user32.dll to load on that thread because it has not loaded already.
This causes HWND creation later in start-up to fail.

To try and mitigate this we will load user32.dll as early as possible just after the DLL blocklist has been put in place

I have reproduced the content crash on Nightly with one AV and cannot reproduce it with this change.

Bob Owen (:bobowen)

Assignee

Comment 1

•

6 years ago

Attached patch Load user32.dll immediately after the DLL Blocklist is in place — Details — Splinter Review

This is to reduce the chance of it being loaded on an injected thread.

Attachment #8920139 - Flags: review?(aklotz)

Bob Owen (:bobowen)

Assignee

Comment 2

•

6 years ago

https://treeherder.mozilla.org/#/jobs?repo=try&revision=173fa31d5c48f77db994c7e1528d7d64f294ec93

Bob Owen (:bobowen)

Assignee

Updated

•

6 years ago

Whiteboard: sb+

(No longer employed by Mozilla) Aaron Klotz

Comment 3

•

6 years ago

Could you explain this a bit further to me, please? Why isn't user32.dll loaded during process creation?

(No longer employed by Mozilla) Aaron Klotz

Comment 4

•

6 years ago

That is perhaps an unfair question. Come to think of it, I have encountered that before as well and even modified some code to expect it!

It's probably because of the way we set the subsystem bits on firefox.exe.

(No longer employed by Mozilla) Aaron Klotz

Comment 5

•

6 years ago

Comment on attachment 8920139 [details] [diff] [review]
Load user32.dll immediately after the DLL Blocklist is in place

Review of attachment 8920139 [details] [diff] [review]:
-----------------------------------------------------------------

OK.

Attachment #8920139 - Flags: review?(aklotz) → review+

Pulsebot

Comment 6

•

6 years ago

Pushed by bobowencode@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/09bd837dd61e
Load user32.dll immediately after the DLL Blocklist is in place. r=aklotz

Sebastian Hengst [:aryx] (needinfo me if it's about an intermittent or backout)

Comment 7

•

6 years ago

bugherder

https://hg.mozilla.org/mozilla-central/rev/09bd837dd61e

Status: ASSIGNED → RESOLVED

Closed: 6 years ago

status-firefox58: affected → fixed

Resolution: --- → FIXED

(No longer employed by Mozilla) Aaron Klotz

Updated

•

5 years ago

Blocks: 1546156

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Load user32.dll immediately after the DLL Blocklist is in place.

Categories

(Core :: Security: Process Sandboxing, defect, P1)

Tracking

()

People

(Reporter: bobowen, Assigned: bobowen)

References

Details

(Whiteboard: sb+)

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Comment 1

Comment 2

Updated

Comment 3

Comment 4

Comment 5

Comment 6

Comment 7

Updated