Crash in nsExpatDriver::WillBuildModel
Categories
(Core :: Security: RLBox, defect)
Tracking
()
People
(Reporter: bholley, Assigned: bholley)
References
(Blocks 1 open bug, Regressed 1 open bug)
Details
Crash Data
Attachments
(3 files)
|
48 bytes,
text/x-phabricator-request
|
diannaS
:
approval-mozilla-beta+
|
Details | Review |
|
48 bytes,
text/x-phabricator-request
|
diannaS
:
approval-mozilla-beta+
|
Details | Review |
|
48 bytes,
text/x-phabricator-request
|
diannaS
:
approval-mozilla-beta+
|
Details | Review |
|
Assignee | |
Updated•2 years ago
|
|
|
Assignee | |
Updated•2 years ago
|
|
||
Updated•2 years ago
|
|
|
Assignee | |
Comment 1•2 years ago
|
||
|
|
Assignee | |
Comment 2•2 years ago
|
||
We were double-allocating in TransferBuffer, but that was canceling out
the fact that we were only half-copying.
|
|
Assignee | |
Comment 3•2 years ago
|
||
Pushed by bholley@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/1fd2be5bdbf2 Fix some pointer arithmetic issues in RLBox. r=shravanrn https://hg.mozilla.org/integration/autoland/rev/cd3ef51bafb9 Make RLBoxTransferBufferToSandbox properly fallible. r=shravanrn https://hg.mozilla.org/integration/autoland/rev/95ced5795758 Ensure the expat sandbox is large enough to hold the base URI. r=shravanrn,deian
|
||
Comment 5•2 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/1fd2be5bdbf2
https://hg.mozilla.org/mozilla-central/rev/cd3ef51bafb9
https://hg.mozilla.org/mozilla-central/rev/95ced5795758
|
||
Comment 6•2 years ago
|
||
The patch landed in nightly and beta is affected.
:bholley, is this bug important enough to require an uplift?
If not please set status_beta to wontfix.
For more information, please visit auto_nag documentation.
|
|
Assignee | |
Comment 7•2 years ago
|
||
Comment on attachment 9256763 [details]
Bug 1747514 - Ensure the expat sandbox is large enough to hold the base URI.
Beta/Release Uplift Approval Request
- User impact if declined: Crashes.
- Is this code covered by automated tests?: Yes
- Has the fix been verified in Nightly?: No
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): Patches are small, fix some clear and well-understood bugs.
- String changes made/needed:
|
|
Assignee | |
Updated•2 years ago
|
|
|
||
Comment 8•2 years ago
|
||
Comment on attachment 9256763 [details]
Bug 1747514 - Ensure the expat sandbox is large enough to hold the base URI.
Approved for 96.0b10
|
|
||
Updated•2 years ago
|
|
|
||
Comment 9•2 years ago
|
||
Comment on attachment 9256795 [details]
Bug 1747514 - Make RLBoxTransferBufferToSandbox properly fallible.
Approved for 96.0b10
|
|
||
Comment 10•2 years ago
|
||
| bugherder uplift | ||
https://hg.mozilla.org/releases/mozilla-beta/rev/731710bbc529
https://hg.mozilla.org/releases/mozilla-beta/rev/45bc7cbe3df7
https://hg.mozilla.org/releases/mozilla-beta/rev/e68bbeac2dae
Description
•