Closed
Bug 1569889
Opened 5 years ago
Closed 5 years ago
nsDocShellLoadState(DocShellLoadStateInit&) doesn't set mIsFormSubmission
Categories
(Core :: DOM: Security, defect, P1)
Core
DOM: Security
Tracking
()
RESOLVED
FIXED
mozilla70
| Tracking | Status | |
|---|---|---|
| firefox70 | --- | fixed |
People
(Reporter: peterv, Assigned: beriksson)
References
(Regression)
Details
(Keywords: regression, Whiteboard: [domsecurity-active])
Attachments
(1 file)
This can cause us to read uninitialized memory.
It might also need to be serialized in nsDocShellLoadState::Serialize.
Flags: needinfo?(beriksson)
|
Reporter | |
Comment 1•5 years ago
|
||
Note that this is causing a lot of crashes on ASAN builds on the ash branch: https://treeherder.mozilla.org/#/jobs?repo=ash&revision=b653fb57c4b5db336f508ca46d8e298d8fce7dea&searchStr=asan
|
||
Comment 2•5 years ago
|
||
Thanks Peter, we'll fix that.
Assignee: nobody → beriksson
Status: NEW → ASSIGNED
Priority: -- → P1
Whiteboard: [domsecurity-active]
|
||
Updated•5 years ago
|
Keywords: regression
|
Assignee | |
Comment 3•5 years ago
|
||
Ensure that IsFormSubmission is set in all constructors and can be serialized
|
|
Assignee | |
Updated•5 years ago
|
Flags: needinfo?(beriksson)
Keywords: regression → checkin-needed
Pushed by nerli@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/2c8875e6dff7
Fix Bug 1569889 by setting mIsFormSubmission in nsDocShellLoadState r=ckerschb
Keywords: checkin-needed
|
||
Comment 5•5 years ago
|
||
| bugherder | ||
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla70
|
|
||
Updated•3 years ago
|
Has Regression Range: --- → yes
|
||
Updated•3 years ago
|
Keywords: regression
You need to log in
before you can comment on or make changes to this bug.
Description
•