NULL dereferences on MIME handler failures on OpenBSD
Categories
(Firefox :: Untriaged, defect)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox-esr102 | --- | unaffected |
| firefox110 | --- | wontfix |
| firefox111 | --- | wontfix |
| firefox112 | --- | fixed |
People
(Reporter: tb, Assigned: tb)
References
(Regression)
Details
(Keywords: regression)
Attachments
(7 files)
|
48 bytes,
text/x-phabricator-request
|
Details | Review | |
|
48 bytes,
text/x-phabricator-request
|
Details | Review | |
|
48 bytes,
text/x-phabricator-request
|
Details | Review | |
|
48 bytes,
text/x-phabricator-request
|
Details | Review | |
|
48 bytes,
text/x-phabricator-request
|
Details | Review | |
|
48 bytes,
text/x-phabricator-request
|
Details | Review | |
|
48 bytes,
text/x-phabricator-request
|
Details | Review |
Steps to reproduce:
Try to download a magnet feed, selecting qbittorrent as handler.
Actual results:
The firefox main process crashed
Expected results:
Firefox should have downloaded the magnet feed and passed it to qbittorrent to handle.
|
Assignee | |
Comment 1•1 year ago
|
||
content_type can be populated and result_uncertain can be true,
and in that case, content_type leaks.
|
|
Assignee | |
Comment 2•1 year ago
|
||
There are various failure paths that result in NULL dereferences
of error. Fix this by setting the error explicitly to match the
API contract of the glib2 functions these replace. These crashes
are particularly annoying since they happen in the main process.
Depends on D170274
|
||
Updated•1 year ago
|
|
|
||
Updated•1 year ago
|
|
|
||
Updated•1 year ago
|
|
||
Updated•1 year ago
|
|
|
||
Comment 4•1 year ago
|
||
Set release status flags based on info from the regressing bug 1714919
|
||
Comment 5•1 year ago
•
|
||
Fwiw, i've backported the patch to thunderbird 110.0b4 which i'm testing, and i think g_warning is redundant with g_set_error since i have this on stderr:
[Parent 62186, Main Thread] WARNING: Could not find content type for URI: https://www.thunderbird.net/thunderbird/102.0/eoy/: 'glib warning', file /usr/obj/ports/thunderbird-110.0beta4/thunderbird-110.0/toolkit/xre/nsSigHandlers.cpp:167
** (thunderbird-default:62186): WARNING **: 22:35:03.536: Could not find content type for URI: https://www.thunderbird.net/thunderbird/102.0/eoy/
[Parent 62186, Main Thread] WARNING: Could not launch default application for URI: Could not find content type for URI: https://www.thunderbird.net/thunderbird/102.0/eoy/: 'glib warning', file /usr/obj/ports/thunderbird-110.0beta4/thunderbird-110.0/toolkit/xre/nsSigHandlers.cpp:167
** (thunderbird-default:62186): WARNING **: 22:35:03.536: Could not launch default application for URI: Could not find content type for URI: https://www.thunderbird.net/thunderbird/102.0/eoy/
since the initial intent of g_warning was to have some feedback on stderr, if setting error via g_set_error makes it printed to stderr, then we can delete the g_warning call.
without the patch, thunderbird crashed straight away at the same spot, so it definitely avoids that NULL deref.
:stransky, what do you think about it ?
|
|
Assignee | |
Comment 6•1 year ago
|
||
The errors set using g_set_error() are printed later, so these are
redundant. Drop them.
Depends on D170275
|
|
||
Updated•1 year ago
|
|
|
Assignee | |
Comment 7•1 year ago
|
||
Depends on D170345
|
|
Assignee | |
Comment 8•1 year ago
|
||
g_filename_from_uri() allocates the path it returns, so that
must also be freed.
Depends on D170402
|
|
Assignee | |
Comment 9•1 year ago
|
||
Depends on D170413
|
|
||
Comment 10•1 year ago
|
||
:stransky: can we have all the commits squashed in one (once reviewed) when landing ? phabricator can be super user-hostile for outsiders/newcomers...
|
||
Comment 11•1 year ago
|
||
Theo, do you mind to create just one big patch for all those changes? It may be easier to review / land and also check all changes are in place.
Thanks.
|
|
Assignee | |
Comment 12•1 year ago
|
||
There are various failure paths that result in NULL dereferences
of error. Fix this by setting the error explicitly to match the
API contract of the glib2 functions these OpenBSD specific functions
replace. The crashes are particularly annoying since they happen in
the main process. In addition, plug a number of memory leaks.
|
||
Comment 13•1 year ago
|
||
Pushed by alissy@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/022f05513860 Ensure OpenBSD URI handlers set GError on failure r=gaston,stransky
|
||
Updated•1 year ago
|
|
||
Comment 14•1 year ago
|
||
| bugherder | ||
|
||
Comment 15•1 year ago
|
||
Unfortunately we dont have the correct environment to verify this issue, @Theo Buehler could please check on your end in our latest Nightly build and see if the issue is fixed or if it still occurs ? you can find the build here: https://nightly.mozilla.org/
|
|
||
Comment 16•1 year ago
|
||
(In reply to Rares Doghi from comment #15)
Unfortunately we dont have the correct environment to verify this issue, @Theo Buehler could please check on your end in our latest Nightly build and see if the issue is fixed or if it still occurs ? you can find the build here: https://nightly.mozilla.org/
there are no nightly builds for tier3 platforms, but it's been tested on our side and backported to the firefox 110 package shipped to OpenBSD users.
|
||
Updated•1 year ago
|
Description
•