Closed Bug 481434 Opened 16 years ago Closed 16 years ago

Lack of XOW for |this|

Categories

(Core :: XPConnect, defect)

Product:
Core
Component:
XPConnect
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: moz_bug_r_a4, Assigned: mrbkap)

References

Details

(Keywords: fixed1.9.0.12, fixed1.9.1, Whiteboard: [sg:high] regression from regression fix for security fix 460882)

Attachments

(1 file)

Fix
2.19 KB, patch
bzbarsky
: review+
bzbarsky
: superreview+
samuel.sidler+old
: approval1.9.0.12+
Details | Diff | Splinter Review 
This seems to be a regression from bug 480430.

When accessing a window by using |this|, __parent__ property or valueOf.call(),
the window is not wrapped in XOW.
Attached patch FixSplinter Review 
I haven't compiled or tested this, but, ugh.
Assignee: nobody → mrbkap
Status: NEW → ASSIGNED
Attachment #365484 - Flags: superreview?(jst)
Attachment #365484 - Flags: review?(jst)
Comment on attachment 365484 [details] [diff] [review]
Fix

Please, please add tests for this bug and the bug that caused the regression.
Attachment #365484 - Flags: superreview?(jst)
Attachment #365484 - Flags: superreview+
Attachment #365484 - Flags: review?(jst)
Attachment #365484 - Flags: review+
http://hg.mozilla.org/mozilla-central/rev/05401ee5565e and http://hg.mozilla.org/releases/mozilla-1.9.1/rev/e7965660ec6d
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Keywords: fixed1.9.1
Resolution: --- → FIXED
Blocks: 479442
Flags: wanted1.9.0.x+
Whiteboard: [sg:high] regression from regression fix for security fix 460882
Flags: blocking1.9.0.12?
Flags: blocking1.9.0.12? → blocking1.9.0.12+
Blake: I'm guessing this landed on 1.9.0.12 with your roll up patch? Feel free to tell me if not...
Keywords: fixed1.9.0.12
It seems that the 1.9.0 patch does not include the regression fix for this bug.

I can reproduce the testcases in this bug on Mozilla/5.0 (Windows; U; Windows
NT 5.1; en-US; rv:1.9.0.12pre) Gecko/2009062406 GranParadiso/3.0.12pre
*sigh*

Removing the fixed keyword. Blake?
Keywords: fixed1.9.0.12
Attachment #365484 - Flags: approval1.9.0.12+
Comment on attachment 365484 [details] [diff] [review]
Fix

Approved for 1.9.0.12. a=ss
Checking in js/src/xpconnect/src/nsXPConnect.cpp;
/cvsroot/mozilla/js/src/xpconnect/src/nsXPConnect.cpp,v  <--  nsXPConnect.cpp
new revision: 1.174; previous revision: 1.173
done
Keywords: fixed1.9.0.12
This is weird. I tried all through cases, as local files, via http and via https here on bugzilla, and none of them give an alert with cookie information on Firefox 3.0.11 on Windows XP. The same happens on 3.0.12. This doesn't jive with the reporter mentioning the issue as not fixed in a 3.0.12pre build earlier.

I'm baffled.
Al, this was a regression from a bug that landed on trunk first, and then this was fixed on trunk. It's blocking and "fixed" on the 1.9.0 branch because the patch was required there. This bug never actually affected the 1.9.0 branch, though.
Comment #8 is confusing then:

"It seems that the 1.9.0 patch does not include the regression fix for this bug.

I can reproduce the testcases in this bug on Mozilla/5.0 (Windows; U; Windows
NT 5.1; en-US; rv:1.9.0.12pre) Gecko/2009062406 GranParadiso/3.0.12pre"

If it didn't affect the 1.9.0 branch...
(In reply to comment #14)
> If it didn't affect the 1.9.0 branch...

There was a short window of time between when the fix for bug 479442 landed on the 1.9.0 branch (on 6/23 or so) and when this patch landed on the 1.9.0 branch (on 6/24) where the 1.9.0 branch was affected. However, none of the official releases were affected.

Sorry for the confusion!
Ok. Nothing for QA to do here then.
Group: core-security
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: