Closed
Bug 1459701
Opened 6 years ago
Closed 6 years ago
ContentParent::UnregisterRemoteFrame doesn't handle the case where aCpId isn't a valid ContentProcessId
Categories
(Core :: DOM: Content Processes, defect)
Tracking
RESOLVED
FIXED
mozilla62
Tracking | Status | |
---|---|---|
firefox62 | --- | fixed |
People
(Reporter: Alex_Gaynor, Assigned: Alex_Gaynor)
References
(Blocks 1 open bug)
Details
Attachments
(1 file)
This was discovered while fuzzing.

https://searchfox.org/mozilla-central/source/dom/ipc/ContentParent.cpp#4409

If |cpm->GetContentProcessById(aCpId)| returns |nullptr| then it will crash. Other methods such as ContentParent::NotifyTabDestroying handle this case.
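The failure mode described in the report, as an added C++ example that is not part of the bug or of Mozilla's patch: a lookup by an unvalidated process ID used unchecked, next to a version that returns early when the ID does not resolve. `ProcessManager`, `RemoveFrame`, the `Unchecked`/`Checked` function suffixes and the simplified types are assumptions made for illustration.

```cpp
#include <cstdint>
#include <map>
#include <set>

// Hypothetical, simplified stand-ins for the types named in the bug.
using ContentParentId = uint64_t;
using TabId = uint64_t;

struct ContentParent {
  std::set<TabId> frames;
  void RemoveFrame(TabId tab) { frames.erase(tab); }  // assumed helper
};

class ProcessManager {
  std::map<ContentParentId, ContentParent> mProcs;

 public:
  ContentParent* Add(ContentParentId id) { return &mProcs[id]; }

  // Returns nullptr for an id that was never registered or is already gone.
  ContentParent* GetContentProcessById(ContentParentId id) {
    auto it = mProcs.find(id);
    return it == mProcs.end() ? nullptr : &it->second;
  }
};

// Pattern from the report: the lookup result is dereferenced without a check,
// so an id that does not resolve crashes the process handling the message.
void UnregisterRemoteFrameUnchecked(ProcessManager& cpm, ContentParentId cpId,
                                    TabId tab) {
  cpm.GetContentProcessById(cpId)->RemoveFrame(tab);
}

// Hardened form: treat the id as untrusted and bail out when it is unknown.
// The bool result lets the caller log or reject the message.
bool UnregisterRemoteFrameChecked(ProcessManager& cpm, ContentParentId cpId,
                                  TabId tab) {
  ContentParent* cp = cpm.GetContentProcessById(cpId);
  if (!cp) {
    return false;
  }
  cp->RemoveFrame(tab);
  return true;
}
```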
Comment 2•6 years ago
mozreview-review
Comment on attachment 8973776 [details] Bug 1459701 - Don't crash if ContentParent::UnregisterRemoteFrame is called with a ContentParentId that doesn't exist; https://reviewboard.mozilla.org/r/242140/#review248060
Attachment #8973776 - Flags: review?(jmathies) → review+
Assignee
Updated•6 years ago
Keywords: checkin-needed
Pushed by ryanvm@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/2f3202e4c41d
Don't crash if ContentParent::UnregisterRemoteFrame is called with a ContentParentId that doesn't exist; r=jimm
Keywords: checkin-needed
Comment 4•6 years ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/2f3202e4c41d
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla62
Assignee
Updated•6 years ago
Blocks: libfuzzer-ipc