Closed Bug 1465108 Opened 2 years ago Closed 2 years ago

Uplift some compacting GC changes which landed in bug 1457703

Categories

(Core :: JavaScript: GC, defect)

defect
Not set
normal

Tracking

RESOLVED FIXED
mozilla62
Tracking Status
firefox-esr52 61+ fixed
firefox-esr60 61+ fixed
firefox60 --- wontfix
firefox61 + fixed
firefox62 + fixed

People

(Reporter: jonco, Assigned: jonco)

Details

(Keywords: sec-high, Whiteboard: [adv-main61+][adv-esr52.9+][adv-esr60.1+][post-critsmash-triage])

Attachments

(6 files)

I think we want to uplift two out of three patches that landed in bug 1457703. Moving those patches to this bug for the sake of simplicity.
Approval Request Comment
[Feature/Bug causing the regression]: Bug 1257186.
[User impact if declined]: Possible crash / security vulnerability.
[Is this code covered by automated tests?]: Yes.
[Has the fix been verified in Nightly?]: Yes.
[Needs manual test from QE? If yes, steps to reproduce]: No.
[List of other uplifts needed for the feature/fix]: None.
[Is the change risky?]: No.
[Why is the change risky/not risky?]: This is a very simple change and is covered by assertions in the patch.
[String changes made/needed]: None.
Attachment #8981527 - Flags: approval-mozilla-beta?
Approval Request Comment
[Feature/Bug causing the regression]: Bug 1064578.
[User impact if declined]: Possible crash / security vulnerability.
[Is this code covered by automated tests?]: Yes.
[Has the fix been verified in Nightly?]: Yes.
[Needs manual test from QE? If yes, steps to reproduce]: No.
[List of other uplifts needed for the feature/fix]: None.
[Is the change risky?]: Low risk.
[Why is the change risky/not risky?]: This is a fairly mechanical change that only affects the GC.
[String changes made/needed]: None.
Attachment #8981528 - Flags: approval-mozilla-beta?
[Approval Request Comment]
If this is not a sec:{high,crit} bug, please state case for ESR consideration: sec-high bug.
User impact if declined: Possible crash / security vulnerability.
Fix Landed on Version: FF 62.
Risk to taking this patch (and alternatives if risky): Low.
String or UUID changes made by this patch: None
Attachment #8981529 - Flags: approval-mozilla-esr60?
[Approval Request Comment]
If this is not a sec:{high,crit} bug, please state case for ESR consideration: sec-high bug.
User impact if declined: Possible crash / security vulnerability.
Fix Landed on Version: FF 62.
Risk to taking this patch (and alternatives if risky): Low.
String or UUID changes made by this patch: None
Attachment #8981530 - Flags: approval-mozilla-esr60?
Keywords: sec-high
Summary: Uplift some compacting GC changes in bug 1457703 → Uplift some compacting GC changes which landed in bug 1457703
[Approval Request Comment]
If this is not a sec:{high,crit} bug, please state case for ESR consideration: sec-high bug.
User impact if declined: Possible crash / security vulnerability.
Fix Landed on Version: FF 62.
Risk to taking this patch (and alternatives if risky): Low.
String or UUID changes made by this patch: None
Attachment #8981538 - Flags: approval-mozilla-esr52?
[Approval Request Comment]
If this is not a sec:{high,crit} bug, please state case for ESR consideration: sec-high bug.
User impact if declined: Possible crash / security vulnerability.
Fix Landed on Version: FF 62.
Risk to taking this patch (and alternatives if risky): Low.
String or UUID changes made by this patch: None
Attachment #8981539 - Flags: approval-mozilla-esr52?
Comment on attachment 8981527 [details] [diff] [review]
compacting-thread-count-beta

Fixes for various possibly-exploitable race conditions in the GC. Approved for 61.0b10, ESR 60.1, and ESR 52.9.
Attachment #8981527 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Attachment #8981528 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Attachment #8981529 - Flags: approval-mozilla-esr60? → approval-mozilla-esr60+
Attachment #8981530 - Flags: approval-mozilla-esr60? → approval-mozilla-esr60+
Attachment #8981538 - Flags: approval-mozilla-esr52? → approval-mozilla-esr52+
Attachment #8981539 - Flags: approval-mozilla-esr52? → approval-mozilla-esr52+
Jon, I tried to land this on Beta but hit (probably easy to fix) static analysis bustage:
https://treeherder.mozilla.org/logviewer.html#?job_id=180784011&repo=mozilla-beta

Also, please be sure to update the bug number in the commit messages for these patches when pushing.
Status: NEW → ASSIGNED
Flags: needinfo?(jcoppeard)
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Group: javascript-core-security → core-security-release
Whiteboard: [adv-main61+][adv-esr52.9+][adv-esr60.1+]
Flags: qe-verify-
Whiteboard: [adv-main61+][adv-esr52.9+][adv-esr60.1+] → [adv-main61+][adv-esr52.9+][adv-esr60.1+][post-critsmash-triage]
Group: core-security-release