Firefox crashes on invalid privacy.restrict3rdpartystorage.skip_list setting
Categories
(Core :: Privacy: Anti-Tracking, defect)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox-esr78 | --- | unaffected |
| firefox89 | --- | wontfix |
| firefox90 | --- | wontfix |
| firefox91 | --- | fixed |
People
(Reporter: brennan.brisad, Assigned: brennan.brisad)
Details
Crash Data
Attachments
(1 file)
|
48 bytes,
text/x-phabricator-request
|
jcristau
:
approval-mozilla-beta-
|
Details | Review |
Steps to reproduce:
- Go to
about:config. - Create a
privacy.restrict3rdpartystorage.skip_liststring and input;as its value. - Firefox crashes.
The crash happens while executing PartitioningExceptionList::OnExceptionListUpdate since the it does not properly handle invalid input: https://searchfox.org/mozilla-central/source/toolkit/components/antitracking/PartitioningExceptionList.cpp#124-150
|
Assignee | |
Comment 1•3 years ago
|
||
I wrote a patch to fix this. I'll check if I can remember how to get it into Phabricator.
|
|
Assignee | |
Comment 2•3 years ago
|
||
|
||
Updated•3 years ago
|
|
|
Assignee | |
Comment 3•3 years ago
|
||
Thanks for the review! Could someone please land the fix, as I don't have the rights to do it myself.
Pushed by tihuang@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/7da256f6d3b3 Don't crash on invalid privacy.restrict3rdpartystorage.skip_list r=timhuang
|
||
Comment 5•3 years ago
|
||
| bugherder | ||
|
||
Comment 6•3 years ago
|
||
The patch landed in nightly and beta is affected.
:brennan.brisad, is this bug important enough to require an uplift?
If not please set status_beta to wontfix.
For more information, please visit auto_nag documentation.
|
|
Assignee | |
Comment 7•3 years ago
•
|
||
Comment on attachment 9224535 [details]
Bug 1713475 - Don't crash on invalid privacy.restrict3rdpartystorage.skip_list
Beta/Release Uplift Approval Request
- User impact if declined: An user wanting to add an exemption to State Partitioning by following the instructions here https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning#exempt_specific_origins_from_partitioning, can simply mistype the syntax and instantly crash Firefox.
- Is this code covered by automated tests?: Yes
- Has the fix been verified in Nightly?: Yes
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): The change is only adding two simple conditionals to avoid dereferencing invalid pointers.
- String changes made/needed: none
|
||
Updated•3 years ago
|
|
|
||
Comment 8•3 years ago
|
||
Comment on attachment 9224535 [details]
Bug 1713475 - Don't crash on invalid privacy.restrict3rdpartystorage.skip_list
AFAICT this isn't often hit in the wild, so I prefer to let it ride the trains.
|
|
||
Updated•3 years ago
|
|
|
||
Comment 9•3 years ago
|
||
One crash report I noticed that looks like it hit this bug is bp-b0524b53-f245-4fe2-b114-3cbcd0210513
Description
•