Crash Report [@ IPC::ParamTraits<nsIContentSecurityPolicy*>::Write ]
Categories
(Core :: DOM: Security, defect, P1)
Tracking
()
Tracking | Status | |
---|---|---|
firefox-esr68 | --- | unaffected |
firefox67 | --- | unaffected |
firefox68 | --- | unaffected |
firefox69 | --- | unaffected |
firefox70 | --- | wontfix |
firefox71 | --- | fixed |
firefox72 | --- | fixed |
People
(Reporter: codycrews00, Assigned: ckerschb)
References
Details
(Keywords: crash, regression, Whiteboard: [domsecurity-active])
Crash Data
Attachments
(1 file)
47 bytes,
text/x-phabricator-request
|
pascalc
:
approval-mozilla-beta+
|
Details | Review |
Here's something to chew on, seems to be a null pointer ref.
https://crash-stats.mozilla.org/report/index/1729ca42-1a74-446c-ae61-c52ed0190922
To see it reproducible, just use any moz-icon URI such as moz-icon://.pdf?size=128. I see nothing exploitable looking about it, but who knows.
moz-icon is broken obviously.
Comment 1•5 years ago
|
||
Hi Cody,
Thanks for submitting this bug to us. I was able to reproduce it using Firefox Nightly 71.0a1 (64-bit - 2019-09-26) and on Firefox 70.0b9 (32-bit) on Win10 and on Ubuntu 16.04.
I also tried to repro it using Firefox 69 but I wasn't able to.
I'm adding a Product and Component. If you think that another product or component is more accurate, please feel free to change it.
Thanks!
Sebastian
Updated•5 years ago
|
Updated•5 years ago
|
Assignee | ||
Comment 2•5 years ago
|
||
Yep, that's bad -I'll fix that. Thanks for reporting!
Assignee | ||
Updated•5 years ago
|
Assignee | ||
Comment 3•5 years ago
|
||
Updated•5 years ago
|
Assignee | ||
Comment 4•5 years ago
|
||
Not sure about the soft code freeze, hence I am setting the checkin-needed. Personally I think we should land this within this cycle. It fixes a potential crash after all.
Pushed by rmaries@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/fb8fb91d2a96
Make nsMozIconURI serializeable. r=valentin
Comment 6•5 years ago
•
|
||
Backed out for causing perma fails on test_DownloadUtils.js and reftests.
Failure log:
X6: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=271875701&repo=autoland&lineNumber=2706
Reftest: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=271871349&repo=autoland&lineNumber=15730
Backout: https://hg.mozilla.org/integration/autoland/rev/1d5595ad79ead8bf61b5331e2f88bbbdad1cbf18
Comment 7•5 years ago
|
||
Bugbug thinks this bug is a regression, but please revert this change in case of error.
Assignee | ||
Comment 8•5 years ago
|
||
Oh, seems some query interface macro was not expanding properly. I pushed another revision for review, that should hopefully do it.
Assignee | ||
Comment 9•5 years ago
|
||
Chatted with Valentin on slack, he is fine with the modest update, setting checkin-needed again. FWIW, here is a TRY link:
https://treeherder.mozilla.org/#/jobs?repo=try&revision=66c2d12e457423777ffe300925f2b9f31feb22bf
Comment 10•5 years ago
|
||
Pushed by csabou@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/eefafe971a89
Make nsMozIconURI serializeable. r=valentin
Updated•5 years ago
|
Comment 11•5 years ago
|
||
bugherder |
Assignee | ||
Comment 12•5 years ago
|
||
Comment on attachment 9101590 [details]
Bug 1583044: Make nsMozIconURI serializeable. r=valentin
Beta/Release Uplift Approval Request
- User impact if declined: A webpage could crash the browser by navigating the top-level URL to e.g. ' moz-icon://.pdf?size=128'.
- Is this code covered by automated tests?: Yes
- Has the fix been verified in Nightly?: No
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): We only added code to serialize mozIcon URIs.
- String changes made/needed: no
Comment 13•5 years ago
|
||
Comment on attachment 9101590 [details]
Bug 1583044: Make nsMozIconURI serializeable. r=valentin
Crash fix with tests, no crashes reported from users but we are just starting the beta cycle so that LGTM, uplift approved for 71 beta 4, thanks!
Comment 14•5 years ago
|
||
bugherder uplift |
Updated•4 years ago
|
Updated•4 years ago
|
Updated•4 years ago
|
Description
•