Closed
Bug 1469879
Opened 6 years ago
Closed 6 years ago
UDPSocketParent::RecvJoinMulticast and UDPSocketParent::RecvLeaveMulticast do not handle mSocket not being set
Categories
(Core :: DOM: Device Interfaces, defect, P2)
Core
DOM: Device Interfaces
Tracking
()
RESOLVED
FIXED
mozilla63
People
(Reporter: Alex_Gaynor, Assigned: qdot)
References
(Blocks 1 open bug)
Details
Attachments
(1 file)
59 bytes,
text/x-review-board-request
|
baku
:
review+
lizzard
:
approval-mozilla-beta+
|
Details |
https://searchfox.org/mozilla-central/source/dom/network/UDPSocketParent.cpp#449-473
These two functions will die on a null-ptr-deref if |mSocket| hasn't been sent. The other IPC methods do handle this.
The IPC fuzzer has discovered this :-)
Comment hidden (mozreview-request) |
Assignee | ||
Comment 2•6 years ago
|
||
Taking 'cause I was doing triage anyways and this looks straightforward. (Famous last words...)
Assignee: nobody → kyle
Assignee | ||
Updated•6 years ago
|
Priority: -- → P2
Comment 3•6 years ago
|
||
mozreview-review |
Comment on attachment 8987699 [details]
Bug 1469879 - Add check for closed socket on Multicast IPC parent funcs;
https://reviewboard.mozilla.org/r/252938/#review259534
Attachment #8987699 -
Flags: review?(amarchesini) → review+
Pushed by kmachulis@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/ca98b6f47b4e
Add check for closed socket on Multicast IPC parent funcs; r=baku
Comment 5•6 years ago
|
||
bugherder |
Status: NEW → RESOLVED
Closed: 6 years ago
status-firefox63:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla63
Comment 6•6 years ago
|
||
(In reply to Andrea Marchesini [:baku] from comment #3)
> Comment on attachment 8987699 [details]
> Bug 1469879 - Add check for closed socket on Multicast IPC parent funcs;
>
> https://reviewboard.mozilla.org/r/252938/#review259534
Andrea, do you feel this is safe to uplift to Beta or should we just let it ride the trains? Thanks
Flags: needinfo?(amarchesini)
Comment 7•6 years ago
|
||
Yes, this patch is safe to be uplifted. It introduces a null-check in a couple of IPC methods.
qdot, do you mind to ask for the uplift?
Flags: needinfo?(amarchesini) → needinfo?(kyle)
Assignee | ||
Comment 8•6 years ago
|
||
Comment on attachment 8987699 [details]
Bug 1469879 - Add check for closed socket on Multicast IPC parent funcs;
Approval Request Comment
[Feature/Bug causing the regression]: Bug 745283
[User impact if declined]: Since the fuzzer caught it, could cause a bad memory access.
[Is this code covered by automated tests?]: No
[Has the fix been verified in Nightly?]: Not sure if fuzzer has been rerun after this
[Needs manual test from QE? If yes, steps to reproduce]: No
[List of other uplifts needed for the feature/fix]: None
[Is the change risky?]: No
[Why is the change risky/not risky?]: N/A
[String changes made/needed]: None
Flags: needinfo?(kyle)
Attachment #8987699 -
Flags: approval-mozilla-beta?
Comment 9•6 years ago
|
||
Comment on attachment 8987699 [details]
Bug 1469879 - Add check for closed socket on Multicast IPC parent funcs;
Fix for a crash, looks low risk, let's uplift for beta 6.
Attachment #8987699 -
Flags: approval-mozilla-beta? → approval-mozilla-beta+
Comment 10•6 years ago
|
||
bugherder uplift |
You need to log in
before you can comment on or make changes to this bug.
Description
•