Closed Bug 1744043 Opened 2 years ago Closed 2 years ago

Missing locking around access to nsJAR members, especially the zip library

Categories

(Core :: Networking: JAR, defect, P2)

defect

Tracking

()

RESOLVED FIXED
100 Branch
Tracking Status
firefox-esr91 --- wontfix
firefox98 --- wontfix
firefox99 --- wontfix
firefox100 --- fixed

People

(Reporter: jesup, Assigned: jesup)

References

(Depends on 1 open bug, Blocks 1 open bug, Regressed 1 open bug)

Details

(Keywords: csectype-race, sec-audit, sec-moderate, Whiteboard: [necko-triaged][post-critsmash-triage][adv-main100+r])

Attachments

(1 file, 1 obsolete file)

nsJAR has had a lock for access to the zip library (and other things) since 2000; however a large number of methods it implements don't take the lock. Since this is used in a multi-threaded manner, this can cause significant risks.

Switching to a RecursiveMutex allows us to lock on all these entrypoints without a major refactor to avoid self-deadlock.

In addition, access to most of the other members of nsJAR should be locked as well.

Is there any chance this is related to corrupted OmniJar files?

Flags: needinfo?(zbraniecki)

Comment on attachment 9253434 [details]
Bug 1744043: Clean up nsJAR r=nika,dragana

Revision D132642 was moved to bug 1207753. Setting attachment 9253434 [details] to obsolete.

Attachment #9253434 - Attachment is obsolete: true

It might be! I'd be happy to investigate correlation. Can you add me to bug 1207753?

Flags: needinfo?(zbraniecki)
Severity: -- → S3
Component: Networking → Networking: JAR
Priority: -- → P2
Whiteboard: [necko-triaged]

Grrr, why did phabricator move my patch?

Group: core-security → network-core-security
Blocks: 1754063

Backed out together with bug 1754063 (touched same file) for causing xpcshell failures on test_ext_clear_cached_resources.js:

https://hg.mozilla.org/integration/autoland/rev/2422c1c90a1e3ee0fbeb4d328eb9ace3986de59d

Push with failure: https://treeherder.mozilla.org/jobs?repo=autoland&group_state=expanded&selectedTaskRun=EZa03lxxRhmxcHr2cp0CFA.0&resultStatus=testfailed%2Cbusted%2Cexception%2Cretry%2Cusercancel&revision=24ee1c0756ae49b467d53c499dd0c16839e05eb2
Failure log: https://treeherder.mozilla.org/logviewer?job_id=370308371&repo=autoland

TEST-UNEXPECTED-FAIL | xpcshell.ini:toolkit/components/extensions/test/xpcshell/test_ext_clear_cached_resources.js | xpcshell return code: 0
Flags: needinfo?(rjesup)
Depends on: 1761255
Group: network-core-security → core-security-release
Status: NEW → RESOLVED
Closed: 2 years ago
Flags: needinfo?(rjesup)
Resolution: --- → FIXED
Target Milestone: --- → 100 Branch
Flags: qe-verify-
Whiteboard: [necko-triaged] → [necko-triaged][post-critsmash-triage]
Regressions: 1761667
Whiteboard: [necko-triaged][post-critsmash-triage] → [necko-triaged][post-critsmash-triage][adv-main100+r]
Group: core-security-release
Regressions: 1851295
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: