Closed
Bug 1765973
Opened 2 years ago
Closed 2 years ago
fix a few lifetime issues in APZTaskRunnable
Categories
(Core :: Panning and Zooming, defect)
Core
Panning and Zooming
Tracking
()
RESOLVED
FIXED
102 Branch
People
(Reporter: tnikkel, Assigned: tnikkel)
Details
(Keywords: sec-audit, Whiteboard: [post-critsmash-triage][adv-main101+r])
Attachments
(1 file)
48 bytes,
text/x-phabricator-request
|
tjr
:
approval-mozilla-beta+
tjr
:
sec-approval+
|
Details | Review |
I found these while reading the code for bug 1764878, however I can't see how they would cause bug 1764878. Still good to fix them though.
Assignee | ||
Comment 1•2 years ago
|
||
Updated•2 years ago
|
Assignee: nobody → tnikkel
Status: NEW → ASSIGNED
Updated•2 years ago
|
Group: core-security → gfx-core-security
Updated•2 years ago
|
Attachment #9273428 -
Attachment description: Bug 1765973. r?hiro → Bug 1765973. Hold a GeckoContentController reference for RepaintContentRepaint calls. r?hiro
Assignee | ||
Comment 2•2 years ago
|
||
Comment on attachment 9273428 [details]
Bug 1765973. Hold a GeckoContentController reference for RepaintContentRepaint calls. r?hiro
Security Approval Request
- How easily could an exploit be constructed based on the patch?: holding a refptr during a call points to what call might be destroying things
- Do comments in the patch, the check-in comment, or tests included in the patch paint a bulls-eye on the security problem?: No
- Which older supported branches are affected by this flaw?: 95 and newer
- If not all supported branches, which bug introduced the flaw?: Bug 1730998
- Do you have backports for the affected branches?: Yes
- If not, how different, hard to create, and risky will they be?: trivial
- How likely is this patch to cause regressions; how much testing does it need?: not likely, just holding strong pointers to things during calls that can destroy things
- Is Android affected?: Yes
Attachment #9273428 -
Flags: sec-approval?
Comment 3•2 years ago
|
||
Comment on attachment 9273428 [details]
Bug 1765973. Hold a GeckoContentController reference for RepaintContentRepaint calls. r?hiro
Approved to land and uplift
Attachment #9273428 -
Flags: sec-approval?
Attachment #9273428 -
Flags: sec-approval+
Attachment #9273428 -
Flags: approval-mozilla-beta+
Comment 4•2 years ago
|
||
Hold a GeckoContentController reference for RepaintContentRepaint calls. r=hiro
https://hg.mozilla.org/integration/autoland/rev/e4e3eb6afc7eaec276d6b06b8873e30b7716b9d3
https://hg.mozilla.org/mozilla-central/rev/e4e3eb6afc7e
Group: gfx-core-security → core-security-release
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
status-firefox102:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 102 Branch
Comment 5•2 years ago
|
||
uplift |
Landed for 101.0b3.
https://hg.mozilla.org/releases/mozilla-beta/rev/240ec08c5353
status-firefox100:
--- → wontfix
status-firefox101:
--- → fixed
status-firefox-esr91:
--- → unaffected
tracking-firefox101:
--- → +
tracking-firefox102:
--- → +
Updated•2 years ago
|
Flags: qe-verify-
Whiteboard: [post-critsmash-triage]
Updated•2 years ago
|
Whiteboard: [post-critsmash-triage] → [post-critsmash-triage][adv-main101+r]
Updated•1 year ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•