Closed Bug 1469879 Opened 6 years ago Closed 6 years ago

UDPSocketParent::RecvJoinMulticast and UDPSocketParent::RecvLeaveMulticast do not handle mSocket not being set

Categories

(Core :: DOM: Device Interfaces, defect, P2)

Product:
Core
Component:
DOM: Device Interfaces
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla63
Tracking Flags:
Tracking Status
firefox62 --- fixed
firefox63 --- fixed

People

(Reporter: Alex_Gaynor, Assigned: qdot)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

Bug 1469879 - Add check for closed socket on Multicast IPC parent funcs;
59 bytes, text/x-review-board-request
baku
: review+
lizzard
: approval-mozilla-beta+
Details
https://searchfox.org/mozilla-central/source/dom/network/UDPSocketParent.cpp#449-473 These two functions will die on a null-ptr-deref if |mSocket| hasn't been sent. The other IPC methods do handle this. The IPC fuzzer has discovered this :-)
Taking 'cause I was doing triage anyways and this looks straightforward. (Famous last words...)
Assignee: nobody → kyle
Priority: -- → P2
Comment on attachment 8987699 [details] Bug 1469879 - Add check for closed socket on Multicast IPC parent funcs; https://reviewboard.mozilla.org/r/252938/#review259534
Attachment #8987699 - Flags: review?(amarchesini) → review+
Pushed by kmachulis@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/ca98b6f47b4e Add check for closed socket on Multicast IPC parent funcs; r=baku
https://hg.mozilla.org/mozilla-central/rev/ca98b6f47b4e
Status: NEW → RESOLVED
Closed: 6 years ago
status-firefox63: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla63
(In reply to Andrea Marchesini [:baku] from comment #3) > Comment on attachment 8987699 [details] > Bug 1469879 - Add check for closed socket on Multicast IPC parent funcs; > > https://reviewboard.mozilla.org/r/252938/#review259534 Andrea, do you feel this is safe to uplift to Beta or should we just let it ride the trains? Thanks
Flags: needinfo?(amarchesini)
Yes, this patch is safe to be uplifted. It introduces a null-check in a couple of IPC methods. qdot, do you mind to ask for the uplift?
Flags: needinfo?(amarchesini) → needinfo?(kyle)
Comment on attachment 8987699 [details] Bug 1469879 - Add check for closed socket on Multicast IPC parent funcs; Approval Request Comment [Feature/Bug causing the regression]: Bug 745283 [User impact if declined]: Since the fuzzer caught it, could cause a bad memory access. [Is this code covered by automated tests?]: No [Has the fix been verified in Nightly?]: Not sure if fuzzer has been rerun after this [Needs manual test from QE? If yes, steps to reproduce]: No [List of other uplifts needed for the feature/fix]: None [Is the change risky?]: No [Why is the change risky/not risky?]: N/A [String changes made/needed]: None
Flags: needinfo?(kyle)
Attachment #8987699 - Flags: approval-mozilla-beta?
Comment on attachment 8987699 [details] Bug 1469879 - Add check for closed socket on Multicast IPC parent funcs; Fix for a crash, looks low risk, let's uplift for beta 6.
Attachment #8987699 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: