Closed
Bug 1497160
Opened 7 years ago
Closed 7 years ago
Upgrade AssertIsOnTargetThread() in EventSource.cpp to MOZ_DIAGNOSTIC_ASSERT
Categories
(Core :: DOM: Core & HTML, defect, P2)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
FIXED
mozilla64
People
(Reporter: hsivonen, Assigned: hsivonen)
References
Details
(Keywords: sec-other, Whiteboard: [post-critsmash-triage][adv-main64-])
Attachments
(1 file)
|
46 bytes,
text/x-phabricator-request
|
dveditz
:
sec-approval+
|
Details | Review |
|
Assignee | |
Comment 1•7 years ago
|
||
MozReview-Commit-ID: 9e5vbMW07eH
|
||
Updated•7 years ago
|
Group: core-security → dom-core-security
|
||
Updated•7 years ago
|
Priority: -- → P2
|
|
Assignee | |
Comment 2•7 years ago
|
||
Comment on attachment 9015207 [details]
Bug 1497160 - Upgrade assertion type.
[Security Approval Request]
How easily could an exploit be constructed based on the patch?: The patch hints at a threading problem in this area, but doesn't say what the problem is. (I don't know, either.)
Do comments in the patch, the check-in comment, or tests included in the patch paint a bulls-eye on the security problem?: Yes
Which older supported branches are affected by this flaw?: all
If not all supported branches, which bug introduced the flaw?: Bug 1267903
Do you have backports for the affected branches?: No
If not, how different, hard to create, and risky will they be?: This is a diagnostic patch, so I don't expect an uplift.
How likely is this patch to cause regressions; how much testing does it need?: The purpose is to turn some non-crashes into crashes on Nightly and Dev Edition in order to track down the real bug, so in that sense the hope is more crash stacks.
Attachment #9015207 -
Flags: sec-approval?
|
||
Comment 3•7 years ago
|
||
Comment on attachment 9015207 [details]
Bug 1497160 - Upgrade assertion type.
Sec-approval=dveditz to land this diagnostic patch.
Attachment #9015207 -
Flags: sec-approval? → sec-approval+
|
||
Comment 4•7 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/9b3d9022cce8093be3f745fb023f1d47132dacda
https://hg.mozilla.org/mozilla-central/rev/9b3d9022cce8
Group: dom-core-security → core-security-release
status-firefox64:
--- → fixed
Target Milestone: --- → mozilla64
|
|
||
Updated•7 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
|
|
||
Updated•7 years ago
|
|
||
Comment 5•7 years ago
|
||
No crash reports yet AFAICT.
|
||
Updated•7 years ago
|
Flags: qe-verify-
Whiteboard: [post-critsmash-triage]
|
|
||
Comment 6•7 years ago
|
||
Still no crash reports with AssertIsOnTargetThread on the stack.
|
||
Updated•7 years ago
|
Whiteboard: [post-critsmash-triage] → [post-critsmash-triage][adv-main64-]
|
||
Comment 7•6 years ago
|
||
In the absence of nightly or dev edition crash reports, should we try making it a release assert at least temporarily in the hope it fires on beta?
|
||
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
|
|
||
Updated•6 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•