Closed
Bug 1594471
Opened 5 years ago
Closed 5 years ago
More safely remove rules in ServoCSSRuleList.
Categories
(Core :: CSS Parsing and Computation, defect, P2)
Core
CSS Parsing and Computation
Tracking
()
RESOLVED
FIXED
mozilla72
People
(Reporter: emilio, Assigned: emilio)
References
Details
(Keywords: sec-want, Whiteboard: [adv-main72-][post-critsmash-triage])
Attachments
(1 file)
This is cleanup that wasn't done as part of bug 1593865 as it's unrelated to that bug.
|
Assignee | |
Comment 1•5 years ago
|
||
This turned out not to be the culprit, but it doesn't seem unreasonable for
DropAllRules -> DropRules -> cycle-collection-stuff that ends up reentering in
the parent rule list.
It seems safer to first remove from the array / move the array to the stack,
then free the pointer, than to leave dangling pointers while we iterate through
the array.
|
||
Comment 2•5 years ago
|
||
This sounds like more of a theoretical concern, so I'm going to mark it sec-want.
Keywords: sec-want
|
||
Comment 3•5 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/9980819fa82c
Sounds like we can let this fix ride the trains, but feel free to nominate for uplift if you feel otherwise.
Group: layout-core-security → core-security-release
Status: NEW → RESOLVED
Closed: 5 years ago
status-firefox70:
--- → wontfix
status-firefox71:
--- → wontfix
status-firefox-esr68:
--- → wontfix
Resolution: --- → FIXED
Target Milestone: --- → mozilla72
|
||
Updated•5 years ago
|
Flags: qe-verify-
Whiteboard: [post-critsmash-triage]
|
||
Updated•5 years ago
|
Whiteboard: [post-critsmash-triage] → [adv-main72-][post-critsmash-triage]
|
||
Updated•4 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•