Bug 555018 - (CVE-2011-2996) initialize nsChildView plugin ports
Status: RESOLVED FIXED
Whiteboard: [sg:moderate]
Keywords: crash
Product: Core
Classification: Components
Component: Widget: Cocoa
Version: Trunk
Platform: All Mac OS X
Importance: -- normal
Target Milestone: mozilla2.0
Assigned To: Josh Aas
Blocks: 527280
Reported: 2010-03-25 12:24 PDT by Josh Aas
Modified: 2015-10-16 11:49 PDT
unaffected
.23+
.23-fixed
wanted


Attachments
fix v1.0 (785 bytes, patch)
2010-03-25 12:24 PDT, Josh Aas
roc: review+
fix v1.0 for 1.9.2 (1.57 KB, patch)
2010-03-25 13:02 PDT, Josh Aas
dveditz: approval1.9.2.18-

Description Josh Aas 2010-03-25 12:24:14 PDT
Created attachment 434946
fix v1.0

We should initialize nsChildView plugin ports.
Comment 1 Josh Aas 2010-03-25 12:37:46 PDT
pushed to mozilla-central

http://hg.mozilla.org/mozilla-central/rev/5e9d5bbf7596
Comment 2 Josh Aas 2010-03-25 13:02:19 PDT
Created attachment 434953
fix v1.0 for 1.9.2

This is a safe patch, we should take it on 1.9.2.
Comment 3 Daniel Veditz [:dveditz] 2011-05-11 12:40:03 PDT
Comment on attachment 434953
fix v1.0 for 1.9.2

Is this still wanted on the 3.6 branch, or should we just forget about it?
Comment 4 christian 2011-05-13 10:59:26 PDT
What's the benefit of taking this change?
Comment 5 Josh Aas 2011-05-16 11:24:49 PDT
If we don't initialize that structure it can contain pointers to random memory. It's a stability issue, and might also have security implications.
Comment 6 Daniel Veditz [:dveditz] 2011-05-18 10:49:10 PDT
Comment on attachment 434953
fix v1.0 for 1.9.2

Approved for 1.9.2.18, a=dveditz for release-drivers
Comment 7 Daniel Veditz [:dveditz] 2011-06-09 00:34:09 PDT
Comment on attachment 434953
fix v1.0 for 1.9.2

doesn't apply on 1.9.2 because there's a context diff around the union nsPluginPort line. Not sure if it's still safe to remove that or if there were other changes to the file that would require a different patch. fwiw the trunk still seems to have that line in it.
Comment 8 Josh Aas 2011-09-15 11:54:38 PDT
pushed to mozilla-1.9.2

http://hg.mozilla.org/releases/mozilla-1.9.2/rev/3fb441425998
