Closed Bug 1762952 Opened 2 years ago Closed 2 years ago

structuredClone should not clone SharedArrayBuffer if not cross-origin isolated

Categories

(Core :: DOM: postMessage, defect, P3)

Product:
Core
Component:
DOM: postMessage
Version:
Firefox 101
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
103 Branch
Tracking Flags:
Tracking Status
firefox103 --- fixed

People

(Reporter: valentinium, Assigned: evilpie)

Details

Attachments

(1 file)

Bug 1762952 - structuredClone should not always allow cloning SharedArrayBuffers. r?smaug
48 bytes, text/x-phabricator-request
Details | Review

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.4959.0 Safari/537.36

Steps to reproduce:

let { SharedArrayBuffer=sayTheLineBart() } = globalThis;

console.assert(crossOriginIsolated === false, "Specific to non-isolated");

try {
structuredClone(new SharedArrayBuffer(1));
console.assert(false, "Shouldn’t clone SAB at all without cross-origin isolation.");
} catch (err) {
console.assert(err.code === DOMException.DATA_CLONE_ERR, "Should throw DataCloneError");
}

function sayTheLineBart() {
return new WebAssembly.Memory({
initial: 0,
maximum: 0,
shared: 1
}).buffer.constructor;
}

Actual results:

SharedArrayBuffer is cloned successfully in a non cross-origin isolated env.

Expected results:

DataCloneError should be thrown.

Verified that the current behavior specified by HTML is by design (https://github.com/whatwg/html/issues/7781) because the Firefox behavior is arguably just trying to be “smarter” (i.e., since it’s known to be safe here). Consistency would still be best.

The Bugbug bot thinks this bug should belong to the 'Core::DOM: Core & HTML' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → DOM: Core & HTML
Product: Firefox → Core
Component: DOM: Core & HTML → DOM: postMessage
Assignee: nobody → echuang
Severity: -- → S3
Priority: -- → P3

Tom, want to take a look? This should be just some missing flag or such.

Flags: needinfo?(evilpies)

(I believe Eden will be on leave for awhile.)

Assignee: echuang → evilpies
Flags: needinfo?(evilpies)
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Pushed by nfay@mozilla.com:
https://hg.mozilla.org/mozilla-central/rev/28ecef349562
structuredClone should not always allow cloning SharedArrayBuffers. r=smaug

https://hg.mozilla.org/mozilla-central/rev/28ecef349562

Status: ASSIGNED → RESOLVED
Closed: 2 years ago
status-firefox103: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 103 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: