Reduce unsafe usage of integer->enum casts in IPC

RESOLVED FIXED in Firefox 61

Status

P1
normal
RESOLVED FIXED
11 months ago
11 months ago

People

(Reporter: Alex_Gaynor, Assigned: Alex_Gaynor)

Tracking

Trunk
mozilla61

Firefox Tracking Flags

(firefox61 fixed)

Details

Attachments

(1 attachment)

(Assignee)

Description

11 months ago
IME IPC uses |static_cast<Enum>(aArg)| in a handful of places in IPC which are unsafe under an adversarial content process, because it could send values that are outside the range of valid values.

I didn't spot any codepaths where this is necessarily exploitable, but there are a lot of them, so better safe than sorry :-)
(Assignee)

Comment 2

11 months ago
Jim, wasn't sure who the best reviewer for this would be, can you suggest someone?
Flags: needinfo?(jmathies)
(Assignee)

Updated

11 months ago
Attachment #8967071 - Flags: review?(masayuki)
(Assignee)

Comment 3

11 months ago
Removing ni?, discussed on IRC.
Flags: needinfo?(jmathies)

Comment 4

11 months ago
mozreview-review
Comment on attachment 8967071 [details]
Bug 1453397 - use ContiguousEnumSerializer for serialization of enums in IPC for IMEs;

https://reviewboard.mozilla.org/r/235728/#review241676
Attachment #8967071 - Flags: review?(masayuki) → review+
(Assignee)

Updated

11 months ago
Keywords: checkin-needed

Comment 5

11 months ago
Pushed by ryanvm@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/775374240991
use ContiguousEnumSerializer for serialization of enums in IPC for IMEs; r=masayuki
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/775374240991
Status: NEW → RESOLVED
Last Resolved: 11 months ago
status-firefox61: affected → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla61
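
The pattern from the description, as an added example that is not the patch from this bug and not Mozilla code: a receiver that casts a wire integer straight to an enum, beside one that range-checks it first, which is the idea the commit title names. `CaretMode`, `kCaretWidth`, `ReadUnchecked`, `ReadChecked` and `HandleCaretMessage` are hypothetical names, and the half-open legal range `[MinLegal, HighBound)` is this sketch's own convention.

```cpp
#include <cstdint>
#include <type_traits>

// Hypothetical enum standing in for an IME-related IPC field (constructed).
enum class CaretMode : uint8_t { Hidden = 0, Insert = 1, Overwrite = 2, Sentinel = 3 };

// Receiver-side table indexed by the enum: the usual place where an
// out-of-range enum value becomes an out-of-bounds read.
static const int kCaretWidth[] = {0, 1, 8};

// "Before": trusts the sender. Every byte 0..255 comes back as a CaretMode,
// including values that name no enumerator.
inline CaretMode ReadUnchecked(uint8_t aWire) {
  return static_cast<CaretMode>(aWire);
}

// "After": validate in the integer domain, cast only on success.
// Legal values are MinLegal <= v < HighBound.
template <typename E, E MinLegal, E HighBound>
bool ReadChecked(typename std::underlying_type<E>::type aWire, E* aOut) {
  typedef typename std::underlying_type<E>::type U;
  if (aWire < static_cast<U>(MinLegal) || aWire >= static_cast<U>(HighBound)) {
    return false;  // treat as a deserialization failure; do not dispatch
  }
  *aOut = static_cast<E>(aWire);
  return true;
}

// Message handler: rejects illegal values before kCaretWidth is indexed,
// so the table is never read with sender-chosen offsets.
inline bool HandleCaretMessage(uint8_t aWire, int* aWidthOut) {
  CaretMode mode;
  if (!ReadChecked<CaretMode, CaretMode::Hidden, CaretMode::Sentinel>(aWire, &mode)) {
    return false;
  }
  *aWidthOut = kCaretWidth[static_cast<uint8_t>(mode)];
  return true;
}
```
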