Closed Bug 1797391 Opened 2 years ago Closed 2 years ago

GeckoChildProcessHost destructor uses process handle after closing it

Categories

(Core :: IPC, defect, P2)

Product:
Core
Component:
IPC
Platform:
Unspecified
Windows
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
108 Branch
Tracking Flags:
Tracking Status
firefox-esr102 --- wontfix
firefox106 --- wontfix
firefox107 --- wontfix
firefox108 --- fixed

People

(Reporter: jld, Assigned: jld)

References

(Regression)

Details

(Keywords: regression)

Attachments

(1 file)

Bug 1797391 - Avoid process handle use-after-close in GeckoChildProcessHost dtor.
48 bytes, text/x-phabricator-request
Details | Review

Found while testing bug 1797175: these operations are in the wrong order, because ProcessWatcher takes ownership of the handle and may close it immediately if the process has already exited. GetProcessId returns 0 for errors, so the DeregisterChildCrashAnnotationFileDescriptor call will silently fail and leak resources.

ProcessWatcher takes ownership of the handle and may close it
immediately if the process has already exited, so that needs to
happen last; currently, because GetProcessId returns 0 for errors,
DeregisterChildCrashAnnotationFileDescriptor will be passed 0 in that
case, and will silently fail and leak resources.

Severity: -- → S3
Priority: -- → P2

Bug 1776197 should make the leak go away as we'll remove that handle.

Pushed by jedavis@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/221e6fabc890 Avoid process handle use-after-close in GeckoChildProcessHost dtor. r=nika

Looks like this was introduced in bug 1407693.

Regressed by: 1407693

Set release status flags based on info from the regressing bug 1407693

status-firefox106: --- → affected
status-firefox107: --- → affected
status-firefox108: --- → affected
status-firefox-esr102: --- → affected

https://hg.mozilla.org/mozilla-central/rev/221e6fabc890

Status: NEW → RESOLVED
Closed: 2 years ago
status-firefox108: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → 108 Branch

The patch landed in nightly and beta is affected.
:jld, is this bug important enough to require an uplift?

  • If yes, please nominate the patch for beta approval.
  • If no, please set status-firefox107 to wontfix.

For more information, please visit auto_nag documentation.

Flags: needinfo?(jld)

This bug has been around for 5 years and nobody noticed, and as far as I can tell from the code the impact is just a small resource leak (i.e., not security sensitive), so I think this doesn't need uplift.

status-firefox107: affectedwontfix
Flags: needinfo?(jld)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: