Closed
Bug 526789
Opened 16 years ago
Closed 16 years ago
UMR in nsCookieService::CountCookiesFromHostInternal, GetCookiesFromHost, and GetCookieInternal when given empty host string
Categories
(Core :: Networking: Cookies, defect)
Core
Networking: Cookies
Tracking
()
RESOLVED
FIXED
| Tracking | Status | |
|---|---|---|
| status1.9.2 | --- | beta5-fixed |
| status1.9.1 | --- | .8-fixed |
People
(Reporter: mrbkap, Assigned: dwitte)
References
Details
Attachments
(1 file, 2 obsolete files)
|
14.09 KB,
patch
|
dwitte
:
review+
beltzner
:
approval1.9.2+
dveditz
:
approval1.9.1.8+
|
Details | Diff | Splinter Review |
Since I don't actually believe we purposely pass these functions an empty string, I think I ran out of memory allocating a string and we passed that empty string to GetCookiesFromHost.
While the request is nonsensical, we should deal more gracefully with this condition.
|
Assignee | |
Comment 2•16 years ago
|
||
This applies to 1.9.1, 1.9.2, and trunk. It may be the cause of some of the crashreports in cookieservice, too. We should fix this ASAP and see what the stats say.
OS: Mac OS X → All
Hardware: x86 → All
Summary: nsCookieService::CountCookiesFromHostInternal and nsCookieService::GetCookiesFromHost read uninitialized memory in OOM-type conditions → UMR in nsCookieService::CountCookiesFromHostInternal, GetCookiesFromHost, and GetCookieInternal when given empty host string
Version: 1.9.1 Branch → Trunk
|
|
Assignee | |
Comment 3•16 years ago
|
||
Check and assert the precondition that host is never empty or ".", and add xpcshell tests to that effect.
|
|
Assignee | |
Updated•16 years ago
|
Attachment #411270 -
Flags: review? → review?(cbiesinger)
|
||
Comment 4•16 years ago
|
||
Comment on attachment 411270 [details] [diff] [review]
patch v1
+++ b/netwerk/cookie/src/nsCookieService.cpp
+ NS_ENSURE_TRUE(!aDomain.IsEmpty() && !aDomain.EqualsLiteral("."), NS_ERROR_INVALID_ARG);
80 characters, please (in a few places)
Attachment #411270 -
Flags: review?(cbiesinger) → review+
|
|
Assignee | |
Comment 5•16 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/a696d331ebf7
Requesting approval for 1.9.2 and 1.9.1 branch - this will probably clear up a bunch of crashes. (Not really enough to measure from trunk usage, though, so we should get this on 1.9.2 if we want to get an accurate measurement.)
Attachment #411270 -
Attachment is obsolete: true
Attachment #411316 -
Flags: review+
Attachment #411316 -
Flags: approval1.9.2?
Attachment #411316 -
Flags: approval1.9.1.6?
|
||
Comment 6•16 years ago
|
||
Backed you out on the trunk, for failures like http://tinderbox.mozilla.org/showlog.cgi?log=Firefox-Unittest/1257819241.1257823829.5261.gz&fulltext=1 on very nearly every everythingelse run after your push.
|
||
Comment 7•16 years ago
|
||
(In reply to comment #6)
> Backed you out on the trunk, for failures like
> http://tinderbox.mozilla.org/showlog.cgi?log=Firefox-Unittest/1257819241.1257823829.5261.gz&fulltext=1
> on very nearly every everythingelse run after your push.
You also caused a Txul regression. ;)
|
||
Comment 8•16 years ago
|
||
Comment on attachment 411316 [details] [diff] [review]
patch v2
not going to make 1.9.1.6 -- you can try again for the next release after trunk/1.9.2 landing and testing.
Attachment #411316 -
Flags: approval1.9.1.6? → approval1.9.1.6-
|
|
Assignee | |
Updated•16 years ago
|
Attachment #411316 -
Flags: approval1.9.2?
|
|
Assignee | |
Comment 9•16 years ago
|
||
Tests failed (in other parts of the tree) because of the behavior change here. Having empty hosts is common (e.g. file:// URI's). This patch is more conservative; it maintains behavior for CountCookiesFromHost and GetCookiesFromHost by having them handle the trivial case. For Add and Remove, the cookie data is most likely coming from either the cookieservice itself or some other cookie data source, so we probably want to throw rather than silently fail.
Attachment #411316 -
Attachment is obsolete: true
Attachment #411834 -
Flags: review+
|
|
Assignee | |
Comment 10•16 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
|
|
Assignee | |
Updated•16 years ago
|
Attachment #411834 -
Flags: approval1.9.2?
|
|
Assignee | |
Comment 11•16 years ago
|
||
Note for branch approval - reward: clears up a bunch of UMRs, and potentially crashes, caused when passing empty host strings into cookieservice API methods; risk: we now explicitly throw in two of those methods, where previously we pretended things were fine. This could break addons if they're not catching those exceptions, but this is arguably the right thing to do.
|
||
Comment 12•16 years ago
|
||
Comment on attachment 411834 [details] [diff] [review]
patch v3
a192=beltzner, I think the reward outweighs the risk here
Attachment #411834 -
Flags: approval1.9.2? → approval1.9.2+
|
|
Assignee | |
Comment 13•16 years ago
|
||
status1.9.2:
--- → final-fixed
|
|
Assignee | |
Comment 14•16 years ago
|
||
Comment on attachment 411834 [details] [diff] [review]
patch v3
See previous comments for risk details.
Attachment #411834 -
Flags: approval1.9.1.7?
|
|
||
Comment 15•16 years ago
|
||
Comment on attachment 411834 [details] [diff] [review]
patch v3
Approved for 1.9.1.8, a=dveditz for release-drivers
Attachment #411834 -
Flags: approval1.9.1.8? → approval1.9.1.8+
|
|
Assignee | |
Comment 16•16 years ago
|
||
status1.9.1:
--- → .8-fixed
|
||
Comment 17•16 years ago
|
||
All -
I just filed this regression for FF 3.6b5:
https://bugzilla.mozilla.org/show_bug.cgi?id=536650
I'm not sure if that is related to this, but out of all of the issues that were resolved for FF 3.6b5, this bug seemed the most likely.
Apologies in advance if that is not the case.
Cheers,
- Bill
You need to log in
before you can comment on or make changes to this bug.
Description
•