Closed Bug 1583044 Opened 5 years ago Closed 5 years ago

Crash Report [@ IPC::ParamTraits<nsIContentSecurityPolicy*>::Write ]

Categories

(Core :: DOM: Security, defect, P1)

71 Branch
x86_64
Linux
defect

Tracking

RESOLVED FIXED
mozilla72
Tracking Status
firefox-esr68 --- unaffected
firefox67 --- unaffected
firefox68 --- unaffected
firefox69 --- unaffected
firefox70 --- wontfix
firefox71 --- fixed
firefox72 --- fixed

People

(Reporter: codycrews00, Assigned: ckerschb)

Details

(Keywords: crash, regression, Whiteboard: [domsecurity-active])

Attachments

(1 file)

Here's something to chew on, seems to be a null pointer ref.

https://crash-stats.mozilla.org/report/index/1729ca42-1a74-446c-ae61-c52ed0190922

To see it reproducible, just use any moz-icon URI such as moz-icon://.pdf?size=128. I see nothing exploitable looking about it, but who knows.

moz-icon is broken obviously.

Hi Cody,

Thanks for submitting this bug to us. I was able to reproduce it using Firefox Nightly 71.0a1 (64-bit - 2019-09-26) and on Firefox 70.0b9 (32-bit) on Win10 and on Ubuntu 16.04.

I also tried to repro it using Firefox 69 but I wasn't able to.

I'm adding a Product and Component. If you think that another product or component is more accurate, please feel free to change it.

Thanks!

Sebastian

Component: Untriaged → Networking: HTTP
Product: Firefox → Core
Component: Networking: HTTP → Document Navigation
Flags: needinfo?(ckerschb)

Yep, that's bad - I'll fix that. Thanks for reporting!

Assignee: nobody → ckerschb
Status: NEW → ASSIGNED
Flags: needinfo?(ckerschb)
Priority: -- → P1
Component: Document Navigation → DOM: Security
Whiteboard: [domsecurity-active]
Attachment #9101590 - Attachment description: Bug 1583044: Fix crash in IPC::ParamTraits for CSP. r=valentin → Bug 1583044: Make nsMozIconURI serializeable. r=valentin

Not sure about the soft code freeze, hence I am setting the checkin-needed. Personally I think we should land this within this cycle. It fixes a potential crash after all.

Keywords: checkin-needed

Pushed by rmaries@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/fb8fb91d2a96
Make nsMozIconURI serializeable. r=valentin

Keywords: checkin-needed

Bugbug thinks this bug is a regression, but please revert this change in case of error.

Keywords: regression

Oh, seems some query interface macro was not expanding properly. I pushed another revision for review, that should hopefully do it.

Flags: needinfo?(ckerschb)

Chatted with Valentin on Slack, he is fine with the modest update, setting checkin-needed again. FWIW, here is a TRY link:
https://treeherder.mozilla.org/#/jobs?repo=try&revision=66c2d12e457423777ffe300925f2b9f31feb22bf

Keywords: checkin-needed

Pushed by csabou@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/eefafe971a89
Make nsMozIconURI serializeable. r=valentin

Keywords: checkin-needed
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla72

Comment on attachment 9101590 [details]
Bug 1583044: Make nsMozIconURI serializeable. r=valentin

Beta/Release Uplift Approval Request

  • User impact if declined: A webpage could crash the browser by navigating the top-level URL to e.g. 'moz-icon://.pdf?size=128'.
  • Is this code covered by automated tests?: Yes
  • Has the fix been verified in Nightly?: No
  • Needs manual test from QE?: No
  • If yes, steps to reproduce:
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): We only added code to serialize mozIcon URIs.
  • String changes made/needed: no
Attachment #9101590 - Flags: approval-mozilla-beta?

Comment on attachment 9101590 [details]
Bug 1583044: Make nsMozIconURI serializeable. r=valentin

Crash fix with tests, no crashes reported from users but we are just starting the beta cycle so that LGTM, uplift approved for 71 beta 4, thanks!

Attachment #9101590 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Crash Signature: [@ IPC::ParamTraits<nsIContentSecurityPolicy*>::Write ]
Depends on: 1732194