The default bug view has changed. See this FAQ.

nsZipReaderCache::GetZip doesn't null-check the zipFile argument

RESOLVED FIXED in mozilla1.9.1b1

Status

()

Core
Networking: JAR
--
critical
RESOLVED FIXED
9 years ago
8 years ago

People

(Reporter: WeirdAl, Assigned: WeirdAl)

Tracking

({crash, fixed1.8.1.18, verified1.9.0.4})

Trunk
mozilla1.9.1b1
crash, fixed1.8.1.18, verified1.9.0.4
Points:
---
Bug Flags:
in-testsuite +

Firefox Tracking Flags

(Not tracked)

Details

(URL)

Attachments

(1 attachment, 1 obsolete attachment)

Comment hidden (empty)
(Assignee)

Comment 1

9 years ago
Created attachment 336446 [details] [diff] [review]
patch

I'm compiling with this patch now, I'll let you know test results as soon as I can.
Assignee: nobody → ajvincent
Status: NEW → ASSIGNED
Attachment #336446 - Flags: superreview?(cbiesinger)
Attachment #336446 - Flags: review?(cbiesinger)
(Assignee)

Comment 2

9 years ago
xpcshell test passes, this fixes the crash.
Comment on attachment 336446 [details] [diff] [review]
patch

+  NS_ENSURE_ARG(zipFile);

should be NS_ENSURE_ARG_POINTER (and an appropriately fixed test)
Attachment #336446 - Flags: superreview?(cbiesinger)
Attachment #336446 - Flags: superreview+
Attachment #336446 - Flags: review?(cbiesinger)
Attachment #336446 - Flags: review+
(Assignee)

Comment 4

9 years ago
Created attachment 336448 [details] [diff] [review]
patch corrected for check-in
Attachment #336446 - Attachment is obsolete: true
(Assignee)

Updated

9 years ago
Keywords: checkin-needed
http://hg.mozilla.org/mozilla-central/rev/6c8c8fc37617
Status: ASSIGNED → RESOLVED
Last Resolved: 9 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9.1b1
(Assignee)

Comment 6

9 years ago
Null dereference crash, simple fix, requesting approval for 1.9.0.x and 1.8.1.x branches.
Flags: wanted1.9.0.x?
Flags: wanted1.8.1.x?
(Assignee)

Comment 7

9 years ago
whoops, wrong way to do it
Flags: wanted1.9.0.x?
Flags: wanted1.8.1.x?
(Assignee)

Comment 8

9 years ago
Comment on attachment 336446 [details] [diff] [review]
patch

Null dereference crash, simple fix, requesting approval for 1.9.0.x and 1.8.1.x
branches.
Attachment #336446 - Flags: approval1.9.0.3?
Attachment #336446 - Flags: approval1.8.1.18?
Attachment #336446 - Flags: approval1.9.0.3?
Attachment #336446 - Flags: approval1.8.1.18?
Comment on attachment 336448 [details] [diff] [review]
patch corrected for check-in

Approved for 1.8.1.17 and 1.9.0.3, a=dveditz for release-drivers
Attachment #336448 - Flags: approval1.9.0.3+
Attachment #336448 - Flags: approval1.8.1.18+
Alex: Are you intending on getting this checked in?
(Assignee)

Comment 11

9 years ago
Samuel, I don't have checkin privileges, someone else will have to do it for me.
Keywords: checkin-needed
Whiteboard: needs checkin on the 1.8 and 1.9.0 branches
Fix checked into 1.8 and 1.9.0 branches
Keywords: checkin-needed → fixed1.8.1.18, fixed1.9.0.4
Is there a test case or repro steps to verify this bug?
(Assignee)

Comment 14

9 years ago
Al:  The patch includes a xpcshell testcase, so trunk and 1.9 tinderboxes will already be running it. (I hope!)
In fact, I see it running and passing at http://tinderbox.mozilla.org/showlog.cgi?log=Firefox3.0/1224785686.1224788396.19521.gz.

Marking it as verified for 1.9.0.4.
Keywords: fixed1.9.0.4 → verified1.9.0.4
Of course, I should verify it for 1.8.1.18 as well but the test doesn't run there.
Flags: in-testsuite+
Whiteboard: needs checkin on the 1.8 and 1.9.0 branches
You need to log in before you can comment on or make changes to this bug.