Closed Bug 1682766 Opened 3 years ago Closed 3 years ago

[wpt-sync] Sync PR 26921 - Fix nullptr dereference accessing PolicyContainer in Blink

Tracking

()

Status:

RESOLVED FIXED

Milestone:

86 Branch

Tracking Flags:

Tracking

Status

firefox86

---

fixed

People

(Reporter: mozilla.org, Unassigned)

References

(
URL
)

Details

(Whiteboard: [wptsync downstream][domsecurity-backlog])

Web Platform Test Sync Bot (Matrix: #interop:mozilla.org)

Assignee

Description

•

3 years ago

Sync web-platform-tests PR 26921 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/26921
Details from upstream follow.

b'Antonio Sartori <antoniosartori@chromium.org>' wrote:

Fix nullptr dereference accessing PolicyContainer in Blink

When parsing a referrer policy from a meta tag, we were trying to
update the PolicyContainer (and with it, the PolicyContainerHost in
the Browser process) without checking for it not to be
nullptr. However, the PolicyContainer is nullptr for LocalFrames which
have no RenderFrameHost counterpart in the browser, which are used for
rendering SVG images. As a consequence, there are cases in which a
meta tag in an SVG image made the renderer crash.

This change adds a nullptr check to fix this.

Bug: 1158034, 1130587
Change-Id: Ia0b5c51b4d1d68cfd7329da8c5e153bdef7deb3c
Reviewed-on: https://chromium-review.googlesource.com/2593000
WPT-Export-Revision: ce48087277d65732896b761f2e248393fb9cc3a2

Web Platform Test Sync Bot (Matrix: #interop:mozilla.org)

Assignee

Updated

•

3 years ago

Component: web-platform-tests → DOM: Security

Product: Testing → Core

Web Platform Test Sync Bot (Matrix: #interop:mozilla.org)

Assignee

Comment 1

•

3 years ago

Pushed to try (stability) https://treeherder.mozilla.org/#/jobs?repo=try&revision=010c8a2717af719b6ae1cd937622c00f6fe994bc

Web Platform Test Sync Bot (Matrix: #interop:mozilla.org)

Assignee

Comment 2

•

3 years ago

CI Results

Ran 0 Firefox configurations based on mozilla-central, and Firefox, Chrome, and Safari on GitHub CI

Total 1 tests and 1 subtests

Status Summary

Firefox

OK : 1
PASS: 1

Chrome

OK : 1
PASS: 1

Safari

OK : 1
PASS: 1

Links

GitHub PR Head
GitHub PR Base

Christoph Kerschbaumer [:ckerschb]

Updated

•

3 years ago

Whiteboard: [wptsync downstream] → [wptsync downstream][domsecurity-backlog]

Web Platform Test Sync Bot (Matrix: #interop:mozilla.org)

Assignee

Updated

•

3 years ago

Depends on: 1683207

Pulsebot

Comment 3

•

3 years ago

Pushed by wptsync@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/f9435c50f12d
[wpt PR 26921] - Fix nullptr dereference accessing PolicyContainer in Blink, a=testonly

Alexandru Michis [:malexandru]

Comment 4

•

3 years ago

bugherder

https://hg.mozilla.org/mozilla-central/rev/f9435c50f12d

Status: NEW → RESOLVED

Closed: 3 years ago

status-firefox86: --- → fixed

Resolution: --- → FIXED

Target Milestone: --- → 86 Branch

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

[wpt-sync] Sync PR 26921 - Fix nullptr dereference accessing PolicyContainer in Blink

Categories

(Core :: DOM: Security, task, P4)

Tracking

()

People

(Reporter: mozilla.org, Unassigned)

References

(
URL
)

Details

(Whiteboard: [wptsync downstream][domsecurity-backlog])

Crash Data

Security

(public)

User Story

Description

Updated

Comment 1

Comment 2

CI Results

Status Summary

Firefox

Chrome

Safari

Links

Updated

Updated

Comment 3

Comment 4