Closed Bug 1649306 Opened 4 years ago Closed 8 months ago

null pointer passed as argument 1, which is declared to never be null in dom/crypto/CryptoBuffer.cpp:131

Categories

(Core :: DOM: Web Crypto, defect, P3)

Product:
Core
Component:
DOM: Web Crypto
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
118 Branch
Tracking Flags:
Tracking Status
firefox-esr102 --- wontfix
firefox-esr115 --- wontfix
firefox79 --- wontfix
firefox80 --- wontfix
firefox116 --- wontfix
firefox117 --- wontfix
firefox118 --- fixed

People

(Reporter: tsmith, Assigned: keeler)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

Bug 1649306 - webcrypto: avoid passing null to memcpy (even when length is 0) r?jschanck
48 bytes, text/x-phabricator-request
Details | Review

This can be triggered via mochitests. To enable this check add the following to your mozconfig:
ac_add_options --enable-undefined-sanitizer="nonnull-attribute"

INFO - TEST-START | dom/crypto/test/test_WebCrypto_HKDF.html 
src/dom/crypto/CryptoBuffer.cpp:131:10: runtime error: null pointer passed as argument 1, which is declared to never be null
/usr/include/string.h:47:28: note: nonnull attribute specified here
    #0 0x7f3f49ded81e in mozilla::dom::CryptoBuffer::ToSECItem(PLArenaPool*, SECItemStr*) const src/dom/crypto/CryptoBuffer.cpp:131:3
    #1 0x7f3f49e1f612 in mozilla::dom::DeriveHkdfBitsTask::DoCrypto() src/dom/crypto/WebCryptoTask.cpp:2441:5
    #2 0x7f3f49dfebb3 in CalculateResult src/dom/crypto/WebCryptoTask.cpp:394:10
    #3 0x7f3f49dfebb3 in mozilla::dom::WebCryptoTask::Run() src/dom/crypto/WebCryptoTask.cpp:355:11
    #4 0x7f3f44a14169 in nsThreadPool::Run() src/xpcom/threads/nsThreadPool.cpp:299:14
    #5 0x7f3f44a05a83 in nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1234:14
    #6 0x7f3f44a1000c in NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:504:10
    #7 0x7f3f45b180e9 in mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:302:20
    #8 0x7f3f45a34ed7 in RunInternal src/ipc/chromium/src/base/message_loop.cc:316:10
    #9 0x7f3f45a34ed7 in RunHandler src/ipc/chromium/src/base/message_loop.cc:309:3
    #10 0x7f3f45a34ed7 in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:291:3
    #11 0x7f3f449fe9ba in nsThread::ThreadFunc(void*) src/xpcom/threads/nsThread.cpp:447:10
    #12 0x7f3f62186fa7 in _pt_root src/nsprpub/pr/src/pthreads/ptthread.c:201:5
    #13 0x7f3f65e446da in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da)
    #14 0x7f3f64e2288e in clone /build/glibc-OTsEL5/glibc-2.27/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95

The severity field is not set for this bug.
:jcj, could you have a look please?

For more information, please visit auto_nag documentation.

Flags: needinfo?(jjones)
Severity: -- → S2
Flags: needinfo?(jjones)
Priority: -- → P3
QA Whiteboard: qa-not-actionable

Dana, this is a S2 which hasn't had any activity in a very long time. Can you please re-evaluate its severity and find an assignee for it, if it still is a valid actionable S2?

Flags: needinfo?(dkeeler)
Assignee: nobody → dkeeler
Status: NEW → ASSIGNED
Flags: needinfo?(dkeeler)
Pushed by dkeeler@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/f2506aaa10bd
webcrypto: avoid passing null to memcpy (even when length is 0) r=jschanck

https://hg.mozilla.org/mozilla-central/rev/f2506aaa10bd

Status: ASSIGNED → RESOLVED
Closed: 8 months ago
status-firefox118: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 118 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: