Unsafe casting of int to enum in graphics IPC

RESOLVED FIXED in Firefox 61

Status

()

enhancement
RESOLVED FIXED
Last year
Last year

People

(Reporter: Alex_Gaynor, Assigned: rhunt)

Tracking

Trunk
mozilla61
Points:
---

Firefox Tracking Flags

(firefox61 fixed)

Details

(Whiteboard: [gfx-noted])

Attachments

(1 attachment)

https://searchfox.org/mozilla-central/source/widget/windows/CompositorWidgetParent.cpp#39-41 casts an int32_t to an enum with verifying that it's a valid member of the enum.

I can't find any places this can lead to memory corruption, but it's an unsafe practice as this code evolves.

This would probably be better handled by making the parameter an nsTransparencyMode directly and using one of the serializer helper classes. https://hg.mozilla.org/mozilla-central/rev/145c594a51c5 is an example of a similar change.
Assignee

Comment 1

Last year
I can take this, should be an easy fix.
Assignee: nobody → rhunt
Whiteboard: [gfx-noted]
Assignee

Comment 2

Last year
Attachment #8964329 - Flags: review?(jmuizelaar)
Assignee

Comment 3

Last year
Comment on attachment 8964329 [details] [diff] [review]
win-transparency-mode.patch

Review of attachment 8964329 [details] [diff] [review]:
-----------------------------------------------------------------

::: widget/nsIWidget.h
@@ +164,5 @@
>    eTransparencyOpaque = 0,  // Fully opaque
>    eTransparencyTransparent, // Parts of the window may be transparent
>    eTransparencyGlass,       // Transparent parts of the window have Vista AeroGlass effect applied
>    eTransparencyBorderlessGlass // As above, but without a border around the opaque areas when there would otherwise be one with eTransparencyGlass
> +  // If you to the end here, you must update the serialization code in WidgetMessageUtils.h

Whoops, I'll fix the grammar of this comment.
Attachment #8964329 - Flags: review?(jmuizelaar) → review+

Comment 4

Last year
Pushed by rhunt@eqrion.net:
https://hg.mozilla.org/integration/mozilla-inbound/rev/055d507f2e35
Safely transmit nsTransparencyMode across IPDL for WinCompositorWidget. r=jrmuizel

Comment 5

Last year
bugherder
https://hg.mozilla.org/mozilla-central/rev/055d507f2e35
Status: NEW → RESOLVED
Closed: Last year
Resolution: --- → FIXED
Target Milestone: --- → mozilla61
Reporter

Comment 6

Last year
Thanks for running with this one!
You need to log in before you can comment on or make changes to this bug.