1455328 - ContentParent::AllocPPrintingParent() crashes easily under fuzzing

Status: RESOLVED FIXED

(Core :: DOM: Content Processes, enhancement, P1)

Description

[Alex Gaynor [:Alex_Gaynor]]

It's very easy for the fuzzer to generate two sequential calls to AllocPPrintingParent(), leading to this assertion being hit: https://searchfox.org/mozilla-central/source/dom/ipc/ContentParent.cpp#3399-3400

A patch to make it handle that case explicitly is straightforward, incoming...

Comment 1

[Alex Gaynor [:Alex_Gaynor]]

Attachment: Bug 1455328 - handle repeated calls to ContentParent::AllocPPrintingParent more gracefully;

Review commit: https://reviewboard.mozilla.org/r/238042/diff/#index_header
See other reviews: https://reviewboard.mozilla.org/r/238042/

Comment 2

[Bob Owen (:bobowen)]

Comment on attachment 8969300 [details]
Bug 1455328 - handle repeated calls to ContentParent::AllocPPrintingParent more gracefully;

https://reviewboard.mozilla.org/r/238042/#review243766

How intelligible is the error on returning null?
If it's confusing maybe we should still have the assert but put it back to debug only.

Comment 3

[Alex Gaynor [:Alex_Gaynor]]

Comment on attachment 8969300 [details]
Bug 1455328 - handle repeated calls to ContentParent::AllocPPrintingParent more gracefully;

https://reviewboard.mozilla.org/r/238042/#review243766

There's an `NS_WARNING` with a reasonable error message: https://searchfox.org/mozilla-central/source/__GENERATED__/ipc/ipdl/PContentParent.cpp#4027. The actual crash message is more generic.

Comment 4

[Pulsebot]

Pushed by ryanvm@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/b7090423b82b
handle repeated calls to ContentParent::AllocPPrintingParent more gracefully; r=bobowen

Comment 5

[Cosmin Sabou [:CosminS]]

https://hg.mozilla.org/mozilla-central/rev/b7090423b82b