Closed Bug 1741407 Opened 3 years ago Closed 2 years ago

[wpt-sync] Sync PR 31646 - [PaymentHandler] Avoid crash from too-long icon type

Categories

(Core :: DOM: Web Payments, task, P4)

Product:
Core
Component:
DOM: Web Payments
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
96 Branch
Tracking Flags:
Tracking Status
firefox96 --- fixed

People

(Reporter: mozilla.org, Unassigned)

References

(
URL
)

Details

(Whiteboard: [wptsync downstream])

Sync web-platform-tests PR 31646 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/31646
Details from upstream follow.

Stephen McGruer <smcgruer@chromium.org> wrote:

[PaymentHandler] Avoid crash from too-long icon type

Before this CL, passing a (very) large string for an icon's type to
paymentManager.instruments.set would result in mojo killing the
renderer for being badly behaved. This CL changes the Blink-side logic
to truncate the type to 4096 characters, which should be more than
enough given the type has to be a valid MIME type by spec0.

Bug: 810792
Change-Id: I78beebb9d934d321c640b8238ad27d094fd6b3dc
Reviewed-on: https://chromium-review.googlesource.com/3283985
WPT-Export-Revision: 087e15574fcf14e50974efad534341a763d914a0

Component: web-platform-tests → DOM: Web Payments
Product: Testing → Core

CI Results

Ran 11 Firefox configurations based on mozilla-central, and Firefox, Chrome, and Safari on GitHub CI

Total 1 tests and 17 subtests

Status Summary

Firefox

OK : 1
FAIL : 17

Chrome

CRASH: 1

Safari

OK : 1
FAIL : 17

Links

Gecko CI (Treeherder)
GitHub PR Head
GitHub PR Base

Details

New Tests That Don't Pass

/payment-handler/payment-instruments.https.html: OK [GitHub], SKIP [Gecko-android-em-7.0-x86_64-lite-qr-debug-geckoview, Gecko-android-em-7.0-x86_64-lite-qr-opt-geckoview, Gecko-android-em-7.0-x86_64-qr-debug-geckoview, Gecko-android-em-7.0-x86_64-qr-opt-geckoview, Gecko-linux1804-64-qr-debug, Gecko-linux1804-64-qr-opt, Gecko-linux1804-64-tsan-qr-opt, Gecko-windows10-32-2004-qr-debug, Gecko-windows10-32-2004-qr-opt, Gecko-windows10-64-2004-qr-debug, Gecko-windows10-64-2004-qr-opt] (Chrome: CRASH, Safari: OK)
Instrument keys are returned in the original insertion order: FAIL (Safari: FAIL)
Deleting an existing instrument returns true: FAIL (Safari: FAIL)
Deleting an existing instrument the second time returns false: FAIL (Safari: FAIL)
Deleting a non-existing instrument returns false: FAIL (Safari: FAIL)
Getting an existing instrument returns the instrument: FAIL (Safari: FAIL)
Getting a non-existing instrument returns undefined: FAIL (Safari: FAIL)
Resetting an existing instrument updates the instrument: FAIL (Safari: FAIL)
Clearing the instruments: FAIL (Safari: FAIL)
Cannot register instruments with invalid icon media type image/jif: FAIL (Safari: FAIL)
Don't crash when registering instruments with very long icon media type image/pngggggg...: FAIL (Safari: FAIL)
Don't crash when registering an instrument with a very long icon size 888...x888...: FAIL (Safari: FAIL)
Cannot register instruments with invalid icon size "256 256" (missing "x"): FAIL (Safari: FAIL)
Cannot register instruments with invalid icon URL (has a null character): FAIL (Safari: FAIL)
Cannot register instruments with non-existing non-https icon URL: FAIL (Safari: FAIL)
Cannot register instruments with an existing non-https icon URL: FAIL (Safari: FAIL)
Don't crash on very long key, name, method, and capability strings.: FAIL (Safari: FAIL)
Don't crash on null characters in key, name, method, and capability strings.: FAIL (Safari: FAIL)

Tests Disabled in Gecko Infrastructure

/payment-handler/payment-instruments.https.html: OK [GitHub], SKIP [Gecko-android-em-7.0-x86_64-lite-qr-debug-geckoview, Gecko-android-em-7.0-x86_64-lite-qr-opt-geckoview, Gecko-android-em-7.0-x86_64-qr-debug-geckoview, Gecko-android-em-7.0-x86_64-qr-opt-geckoview, Gecko-linux1804-64-qr-debug, Gecko-linux1804-64-qr-opt, Gecko-linux1804-64-tsan-qr-opt, Gecko-windows10-32-2004-qr-debug, Gecko-windows10-32-2004-qr-opt, Gecko-windows10-64-2004-qr-debug, Gecko-windows10-64-2004-qr-opt] (Chrome: CRASH, Safari: OK)

Pushed by wptsync@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/5ba5de8a075f
[wpt PR 31646] - [PaymentHandler] Avoid crash from too-long icon type, a=testonly

https://hg.mozilla.org/mozilla-central/rev/5ba5de8a075f

Status: NEW → RESOLVED
Closed: 2 years ago
status-firefox96: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 96 Branch
You need to log in before you can comment on or make changes to this bug.