Closed Bug 1552180 Opened 1 year ago Closed 1 year ago

Poison Arena zone pointer on free to highlight UAF crashes in crash data

Categories

(Core :: JavaScript: GC, task, P1)


Tracking


RESOLVED FIXED
mozilla69
Tracking Status
firefox68 --- fixed
firefox69 --- fixed

People

(Reporter: jonco, Assigned: jonco)


Attachments

(1 file)

As suggested by Steve in bug 1474623.

Attachment #9065463 - Attachment description: Bug 1552180 - Poison Arena's zone pointer on free r=sfink? → Bug 1552180 - Poison Arena's zone pointer on free r=sfink
Pushed by jcoppeard@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/882b70f3e477
Poison Arena's zone pointer on free r=sfink
Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla69

Is this something we should backport to 68 ahead of the next ESR?

Flags: needinfo?(jcoppeard)

Comment on attachment 9065463 [details]
Bug 1552180 - Poison Arena's zone pointer on free r=sfink

Beta/Release Uplift Approval Request

  • User impact if declined: Requesting uplift because this may help shed light on some types of crashes.
  • Is this code covered by automated tests?: Yes
  • Has the fix been verified in Nightly?: Yes
  • Needs manual test from QE?: No
  • If yes, steps to reproduce:
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): This is a simple change and has baked on trunk for > 20 days.
  • String changes made/needed: None.
Flags: needinfo?(jcoppeard)
Attachment #9065463 - Flags: approval-mozilla-beta?

Comment on attachment 9065463 [details]
Bug 1552180 - Poison Arena's zone pointer on free r=sfink

approved for 68.0b10

Attachment #9065463 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Regressions: 1578951