Closed Bug 1459701 Opened 6 years ago Closed 6 years ago

ContentParent::UnregisterRemoteFrame doesn't handle the case where aCpId isn't a valid ContentProcessId

Categories

(Core :: DOM: Content Processes, defect)

Product:
Core
Component:
DOM: Content Processes
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla62
Tracking Flags:
Tracking Status
firefox62 --- fixed

People

(Reporter: Alex_Gaynor, Assigned: Alex_Gaynor)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

Bug 1459701 - Don't crash if ContentParent::UnregisterRemoteFrame is called with a ContentParentId that doesn't exist;
59 bytes, text/x-review-board-request
jimm
: review+
Details 
This was discovered while fuzzing.

https://searchfox.org/mozilla-central/source/dom/ipc/ContentParent.cpp#4409

If |cpm->GetContentProcessById(aCpId)| returns |nullptr| then it will crash. Other methods such as ContentParent::NotifyTabDestroying handle this case.
Comment on attachment 8973776 [details]
Bug 1459701 - Don't crash if ContentParent::UnregisterRemoteFrame is called with a ContentParentId that doesn't exist;

https://reviewboard.mozilla.org/r/242140/#review248060
Attachment #8973776 - Flags: review?(jmathies) → review+
Keywords: checkin-needed
Pushed by ryanvm@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/2f3202e4c41d
Don't crash if ContentParent::UnregisterRemoteFrame is called with a ContentParentId that doesn't exist; r=jimm
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/2f3202e4c41d
Status: NEW → RESOLVED
Closed: 6 years ago
status-firefox62: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla62
Blocks: libfuzzer-ipc
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: