Refactor StreamControl's lifecycle to avoid self-deletion
Categories
(Core :: DOM: Service Workers, task, P3)
Tracking
()
People
(Reporter: ytausky, Assigned: ytausky)
Details
(Keywords: sec-want)
Currently CacheStreamControlParent
deletes itself via a very long chain of function calls that begins here and ends here. This needs to be changed, as this is a source of use-after-free bugs, e.g. bug 1507180.
Comment 1•5 years ago
|
||
:ytausky, do we have any hint on the risk of other UAFs caused by this? Are there even other existing we could try to re-conduct to this reason?
Assignee | ||
Comment 2•5 years ago
|
||
This is generally risky, because any code that remains on the stack and touches the destructed object's fields is a UAF. I don't know of any other bugs we currently have in this area (if there were then bug 1507180's error message would have appeared there instead). The current risk from this is that some other code change could easily introduce UAF without it being obvious from looking at it.
Comment 3•5 years ago
|
||
sec-want issue and it's a task, so mark this as P3. Please feel free to raise the priority!
Assignee | ||
Updated•5 years ago
|
Updated•5 years ago
|
Updated•4 years ago
|
Description
•