Closed Bug 1517044 Opened 2 years ago Closed 2 years ago

It is possible to write over nsIUpdate and nsIUpdatePatch readonly attributes using setProperty since they also implement nsIWritablePropertyBag

Categories

(Toolkit :: Application Update, enhancement, P3)

59 Branch
enhancement

Tracking

()

RESOLVED FIXED
mozilla66
Tracking Status
firefox66 --- fixed

People

(Reporter: robert.strong.bugs, Assigned: robert.strong.bugs)

References

Details

Attachments

(1 file, 1 obsolete file)

I noticed this while working on bug 1516899.
Depends on: 1517575
Attached patch patch rev1 (obsolete) — Splinter Review

This is mainly for correctness and that it bothers me that the attributes (especially the read only attributes) can be over written by nsIWritablePropertyBag.

Attachment #9035444 - Flags: review?(mhowell)
Attached patch patch rev2Splinter Review

Added another check to the constructors for safety

Attachment #9035444 - Attachment is obsolete: true
Attachment #9035444 - Flags: review?(mhowell)
Attachment #9035525 - Flags: review?(mhowell)
Attachment #9035525 - Flags: review?(mhowell) → review+
Pushed by rstrong@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/df91f6e79753
Don't allow nsIWritablePropertyBag calls to overwrite nsIUpdate and nsIUpdatePatch attributes. r=mhowell
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla66
You need to log in before you can comment on or make changes to this bug.