Enabling CHIPS after creating a partitioned cookie crashes the browser (EXC_BAD_ACCESS (SIGSEGV))
Categories
(Core :: Privacy: Anti-Tracking, defect, P3)
Tracking
Release | Tracking | Status |
---|---|---|
firefox128 | --- | fixed |
People
(Reporter: nchevobbe, Assigned: timhuang)
References
(Blocks 1 open bug)
Details
Attachments
(2 files)
Not sure how reproducible it is, but I got a few crashes while working on Bug 1895215
- With `network.cookie.cookieBehavior.optInPartitioning` set to `true`, and `network.cookie.CHIPS.enabled` set to `false`
- On any tab, open DevTools Console
- Evaluate `document.cookie="foo=bar; Secure; Partitioned;"`
- Then go to about:config and set `network.cookie.CHIPS.enabled` to `true`
- Go back to your tab and reload it

-> the browser crashes (see attachment)

Now, whenever I try to open the browser with this profile, I get an instant crash.
Assignee
Comment 1•1 month ago
There are some situations where we don't apply storage partitioning, such
as tracker requests, privileged requests, and extension requests. In these
cases, we don't need to apply CHIPS behavior. Otherwise, we will hit
certain assertions based on partitioning behavior.

In this patch, we also change the way we determine if a request is
unpartitioned for HTTP requests and tackle an edge case for extension's
requests.
Pushed by tihuang@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/9618551d3f9f Only apply CHIPS behavior if storage partitioning is enabled for the context. r=bvandersloot,cookie-reviewers,anti-tracking-reviewers,edgul
Comment 3•1 month ago
Backed out for causing mochitests assertion failures in CookieService.cpp.
- Backout link
- Push with failures
- Failure Log
- Failure line: Assertion failure: storageOriginAttributes.mPartitionKey.IsEmpty(), at /builds/worker/checkouts/gecko/netwerk/cookie/CookieService.cpp:581
Pushed by tihuang@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/0f8c4fe70cab Only apply CHIPS behavior if storage partitioning is enabled for the context. r=bvandersloot,cookie-reviewers,anti-tracking-reviewers,edgul
Comment 5•1 month ago
bugherder
Comment 6•1 month ago
I assume that this bug is the same as bug 1896241? I don't have access to the other so I cannot see if there is a patch or marked as fixed because of the landing of this patch.
Comment 7•1 month ago
(In reply to Henrik Skupin [:whimboo][⌚️UTC+1] from comment #6)
> I assume that this bug is the same as bug 1896241? I don't have access to the other so I cannot see if there is a patch or marked as fixed because of the landing of this patch.

Why do you say it is the same thing? Both look related to CHIPS but I'm not sure how they are the same thing.
Comment 8•1 month ago
Oh, you are right. Only the first frame for AppendElementsInternal from bug 1898700 was identical, which was duped against that before-mentioned bug that I'm not able to see. So please ignore my comment.