Closed Bug 1747925 Opened 3 years ago Closed 3 years ago

Revert pointer-arithmetic change in malloc_in_sandbox

Categories

(Core :: Security: RLBox, defect)

Tracking

RESOLVED FIXED
97 Branch
Tracking Status
firefox-esr91 --- unaffected
firefox95 --- unaffected
firefox96 --- fixed
firefox97 --- fixed

People

(Reporter: bholley, Assigned: bholley)

References

(Blocks 1 open bug, Regression)

Details

(Keywords: regression)

Attachments

(1 file)

In bug 1747514 I made a drive-by correction of some unrelated pointer arithmetic, and we've now realized that the original logic was correct. Filing this bug to revert that part of the change.

Because get_unsandboxed_pointer is templated, the original code was correct.

Pushed by bholley@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/c5af373ef26d Revert pointer-arithmetic change in malloc_in_sandbox. r=shravanrn

Comment on attachment 9257068 [details]
Bug 1747925 - Revert pointer-arithmetic change in malloc_in_sandbox.

Beta/Release Uplift Approval Request

  • User impact if declined: Slightly weakened security sandbox.
  • Is this code covered by automated tests?: No
  • Has the fix been verified in Nightly?: No
  • Needs manual test from QE?: No
  • If yes, steps to reproduce:
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): Very low risk, just reverts a ride-along change from bug 1747514 (which was recently uplifted to beta).
  • String changes made/needed:
Attachment #9257068 - Flags: approval-mozilla-beta?
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → 97 Branch

Set release status flags based on info from the regressing bug 1747514

Comment on attachment 9257068 [details]
Bug 1747925 - Revert pointer-arithmetic change in malloc_in_sandbox.

Approved for 96.0rc1

Attachment #9257068 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Has Regression Range: --- → yes
Blocks: 1754343
Blocks: 1758626