Closed Bug 1829641 Opened 1 years ago Closed 1 years ago

Crash in [@ mozilla::gmp::GMPChild::GetUTF8LibPath]

Categories

(Core :: Audio/Video: GMP, defect, P3)

Product:
Core
Component:
Audio/Video: GMP
Platform:
Desktop
All
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
114 Branch
Tracking Flags:
Tracking Status
firefox-esr102 --- wontfix
firefox112 --- wontfix
firefox113 --- wontfix
firefox114 --- fixed

People

(Reporter: aosmond, Assigned: aosmond)

Details

(Keywords: crash)

Crash Data

Attachments

(1 file)

Bug 1829641 - Only normalize file paths in parent in behalf of GMP process.
48 bytes, text/x-phabricator-request
Details | Review

Crash report: https://crash-stats.mozilla.org/report/index/b304089d-e157-4d77-b772-4288f0230420

MOZ_CRASH Reason: MOZ_CRASH(Failed to normalize plugin file)

Top 10 frames of crashing thread:

0  libxul.so  mozilla::gmp::GMPChild::GetUTF8LibPath  dom/media/gmp/GMPChild.cpp:278
1  libxul.so  mozilla::gmp::GMPChild::RecvStartPlugin  dom/media/gmp/GMPChild.cpp:496
2  libxul.so  mozilla::gmp::PGMPChild::OnMessageReceived  ipc/ipdl/PGMPChild.cpp:787
3  libxul.so  mozilla::ipc::MessageChannel::DispatchSyncMessage  ipc/glue/MessageChannel.cpp:1767
3  libxul.so  mozilla::ipc::MessageChannel::DispatchMessage  ipc/glue/MessageChannel.cpp:1723
4  libxul.so  mozilla::ipc::MessageChannel::RunMessage  ipc/glue/MessageChannel.cpp:1525
4  libxul.so  mozilla::ipc::MessageChannel::MessageTask::Run  ipc/glue/MessageChannel.cpp:1623
5  libxul.so  MessageLoop::RunTask  ipc/chromium/src/base/message_loop.cc:492
5  libxul.so  MessageLoop::DeferOrRunPendingTask  ipc/chromium/src/base/message_loop.cc:501
5  libxul.so  MessageLoop::DoWork  ipc/chromium/src/base/message_loop.cc:576

The recent crash reports provide the evidence that it is indeed the path normalization/resolving links that is failing in the plugin process. Windows specifically is hitting a permission denied failure case.

The solution is just to not do this in the plugin process. We already are supposed to be resolving links/normalizing the path passed into the plugin process, so there is no need to do it again. Our only option is to just trust the path since we aren't privileged enough to verify it anyways.

This patch makes the parent process fully normalize paths before
passing it to the GMP plugin process. Now the plugin process can
avoid trying to normalize itself and run into sandboxing issues.
This was causing one form of startup crashes for Widevine.

Pushed by aosmond@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/65f977e5ade4 Only normalize file paths in parent in behalf of GMP process. r=media-playback-reviewers,alwu

https://hg.mozilla.org/mozilla-central/rev/65f977e5ade4

Status: ASSIGNED → RESOLVED
Closed: 1 years ago
status-firefox114: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 114 Branch

Backed out for causing build bustages at GMPProcessParent.cpp

Backout: https://hg.mozilla.org/mozilla-central/rev/a5a273e3b1fdbeb8890d8bdd48d56cdee6ddbcb3

Status: RESOLVED → REOPENED
status-firefox114: fixed → ---
Resolution: FIXED → ---
Target Milestone: 114 Branch → ---
Pushed by aosmond@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/0cbfc693e930 Only normalize file paths in parent in behalf of GMP process. r=media-playback-reviewers,alwu

https://hg.mozilla.org/mozilla-central/rev/0cbfc693e930

Status: REOPENED → RESOLVED
Closed: 1 years ago1 years ago
status-firefox114: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 114 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: