Bug 1455328 - ContentParent::AllocPPrintingParent() crashes easily under fuzzing
Status: Closed, RESOLVED FIXED
Opened 6 years ago; Closed 6 years ago
Categories: Core :: DOM: Content Processes, enhancement, P1
Tracking: firefox61 fixed; Target Milestone: mozilla61
People: Reporter: Alex_Gaynor, Assigned: Alex_Gaynor
References: Blocks 1 open bug
Attachments: 1 file
It's very easy for the fuzzer to generate two sequential calls to AllocPPrintingParent(), leading to this assertion being hit: https://searchfox.org/mozilla-central/source/dom/ipc/ContentParent.cpp#3399-3400 A patch to make it handle that case explicitly is straightforward, incoming...
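As an added example (not Firefox code and not the attached patch), here is a minimal C++ model of the graceful handling the description asks for: the allocator refuses a second PPrinting actor and returns null, so the IPC layer can fail that one message instead of the privileged parent process tripping an assertion. The ContentParent shape, Warn, MsgResult and RecvPPrintingConstructor are assumptions standing in for the real actor class and the generated IPDL code.

```cpp
// Added example, not Firefox's own code: models the fix described in this bug.
// The parent owns at most one PPrinting actor per content process; a duplicate
// constructor message (easy to fuzz, or for a compromised child to send) must be
// rejected, not turned into an assertion failure in the privileged parent.
// Everything except the Alloc/Dealloc method names and NS_WARNING is a stand-in.
#include <cstdio>

struct PrintingParent {};  // stand-in for the real actor type

// Stand-in for NS_WARNING; in Firefox the real macro compiles out in release builds.
static void Warn(const char* aMsg) { std::fprintf(stderr, "WARNING: %s\n", aMsg); }
// Outcome of handling a constructor message, as the IPC layer would see it.
enum class MsgResult { Processed, ValueError };

class ContentParent {
 public:
  ~ContentParent() { delete mPrintingParent; }

  // Before the fix the duplicate case was an assertion; after it, the parent
  // warns and returns null so the IPC layer can fail the message instead.
  PrintingParent* AllocPPrintingParent() {
    if (mPrintingParent) {
      Warn("AllocPPrintingParent: a PPrinting actor already exists");
      return nullptr;
    }
    mPrintingParent = new PrintingParent();
    return mPrintingParent;
  }

  // Only the actor we handed out may be released; anything else is a
  // protocol error rather than a reason to touch the parent's state.
  bool DeallocPPrintingParent(PrintingParent* aActor) {
    if (!aActor || aActor != mPrintingParent) return false;
    delete mPrintingParent;
    mPrintingParent = nullptr;
    return true;
  }

  // Models how generated IPDL code treats a null result from the allocator:
  // the message is rejected and attributed to the child; the parent keeps running.
  MsgResult RecvPPrintingConstructor() {
    if (!AllocPPrintingParent()) return MsgResult::ValueError;
    return MsgResult::Processed;
  }

 private:
  PrintingParent* mPrintingParent = nullptr;
};
```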
Comment 2 • 6 years ago (mozreview-review)
Comment on attachment 8969300 [details]
Bug 1455328 - handle repeated calls to ContentParent::AllocPPrintingParent more gracefully;
https://reviewboard.mozilla.org/r/238042/#review243766

How intelligible is the error on returning null? If it's confusing maybe we should still have the assert but put it back to debug only.

Attachment #8969300 - Flags: review?(bobowencode) → review+
Comment 3 • 6 years ago (Assignee, mozreview-review-reply)
Comment on attachment 8969300 [details]
Bug 1455328 - handle repeated calls to ContentParent::AllocPPrintingParent more gracefully;
https://reviewboard.mozilla.org/r/238042/#review243766

There's an `NS_WARNING` with a reasonable error message: https://searchfox.org/mozilla-central/source/__GENERATED__/ipc/ipdl/PContentParent.cpp#4027. The actual crash message is more generic.
Updated • 6 years ago (Assignee)
Keywords: checkin-needed

Pushed by ryanvm@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/b7090423b82b
handle repeated calls to ContentParent::AllocPPrintingParent more gracefully; r=bobowen
Keywords: checkin-needed
Comment 5 • 6 years ago (bugherder)
https://hg.mozilla.org/mozilla-central/rev/b7090423b82b
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla61
Updated • 6 years ago (Assignee)
Blocks: libfuzzer-ipc