Closed
Bug 1747925
Opened 2 years ago
Closed 2 years ago
Revert pointer-arithmetic change in malloc_in_sandbox
Categories
(Core :: Security: RLBox, defect)
Core
Security: RLBox
Tracking
()
RESOLVED
FIXED
97 Branch
| Tracking | Status | |
|---|---|---|
| firefox-esr91 | --- | unaffected |
| firefox95 | --- | unaffected |
| firefox96 | --- | fixed |
| firefox97 | --- | fixed |
People
(Reporter: bholley, Assigned: bholley)
References
(Blocks 1 open bug, Regression)
Details
(Keywords: regression)
Attachments
(1 file)
|
48 bytes,
text/x-phabricator-request
|
diannaS
:
approval-mozilla-beta+
|
Details | Review |
In bug 1747514 I made a drive-by correction of some unrelated pointer arithmetic, and we've now realized that the original logic was correct. Filing this bug to revert that part of the change.
|
Assignee | |
Comment 1•2 years ago
|
||
Because get_unsandboxed_pointer is templated, the original code was
correct.
Pushed by bholley@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/c5af373ef26d Revert pointer-arithmetic change in malloc_in_sandbox. r=shravanrn
|
|
Assignee | |
Comment 3•2 years ago
|
||
Comment on attachment 9257068 [details]
Bug 1747925 - Revert pointer-arithmetic change in malloc_in_sandbox.
Beta/Release Uplift Approval Request
- User impact if declined: Slightly weakened security sandbox.
- Is this code covered by automated tests?: No
- Has the fix been verified in Nightly?: No
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): Very low risk, just reverts a ride-along change from bug 1747514 (which was recently uplifted to beta).
- String changes made/needed:
Attachment #9257068 -
Flags: approval-mozilla-beta?
|
||
Comment 4•2 years ago
|
||
| bugherder | ||
Status: NEW → RESOLVED
Closed: 2 years ago
status-firefox97:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 97 Branch
|
||
Updated•2 years ago
|
Keywords: regression
|
|
||
Comment 5•2 years ago
|
||
Set release status flags based on info from the regressing bug 1747514
status-firefox95:
--- → unaffected
status-firefox96:
--- → affected
status-firefox-esr91:
--- → unaffected
|
||
Comment 6•2 years ago
•
|
||
Comment on attachment 9257068 [details]
Bug 1747925 - Revert pointer-arithmetic change in malloc_in_sandbox.
Approved for 96.0rc1
Attachment #9257068 -
Flags: approval-mozilla-beta? → approval-mozilla-beta+
|
|
||
Comment 7•2 years ago
|
||
| bugherder uplift | ||
|
||
Updated•2 years ago
|
Has Regression Range: --- → yes
You need to log in
before you can comment on or make changes to this bug.
Description
•