Closed Bug 525483 Opened 15 years ago Closed 15 years ago

IPDL check for uses of deleted actors

Categories

(Core :: IPC, defect)

Product:
Core
Component:
IPC
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: benjamin, Assigned: cjones)

References

Details

Attachments

(1 file)

v1
6.34 KB, patch
Details | Diff | Splinter Review 
Spun off from bug 525454: in that bug, we're returning an invalid actor handle in a result union. IPDL didn't notice this in the callee or the caller, and probably should have noticed in both.
What does "invalid" refer to in this bug?

In IPDL, there are two types of bad actor ID:

  (1) id=0 for a non-nullable actor.  That means someone passed a NULL actor in where they shouldn't have (and is evidence of misbehavior on the "other" side, since passing in a NULL actor should have been caught there)
  (2) id != 0, but id is unknown.  Just an invalid handle.

(2) used to silently produce a NULL actor, but that bug was fixed in bug 524220.

The other bad behavior in bug 525454 was passing an already-delete'd actor to an IPDL method.  IPDL doesn't catch this currently, but valgrind would.
Summary: IPDL doesn't validate actor handles (in unions?) well enough → IPDL check for uses of deleted actors
I'll do this by adding a special "freed actor ID", in addition to id=0, the "NULL actor" ID.
Assignee: nobody → jones.chris.g
Attached patch v1Splinter Review 

        Attachment #409404 -
        Flags: review?(bent.mozilla)

        Attachment #409404 -
        Flags: review?(bent.mozilla)

    
    

    
  
Comment on attachment 409404 [details] [diff] [review]
v1

Pretty minor, no need to waste review time on

    
    

    
  
Pushed http://hg.mozilla.org/projects/electrolysis/rev/82549dbf71d8 to reduce merge conflicts in later patches.  Have a local followup patch, will push that when shmem is ready to land.

    
    

    
  
Sorry ^^^ was meant for bug 523175.

    
    

    
  
Pushed http://hg.mozilla.org/projects/electrolysis/rev/1da06de15940
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: