Bug 555018 - (CVE-2011-2996) initialize nsChildView plugin ports
Keywords: crash
Product: Core
Classification: Components
Component: Widget: Cocoa
Version: Trunk
Hardware / OS: All / Mac OS X
Severity: normal
Target Milestone: mozilla2.0
Assigned To: Josh Aas
QA Contact: Markus Stange [:mstange]
Blocks: 527280
Reported: 2010-03-25 12:24 PDT by Josh Aas
Modified: 2015-10-16 11:49 PDT

Attachments:
fix v1.0 (785 bytes, patch) - 2010-03-25 12:24 PDT, Josh Aas - roc: review+
fix v1.0 for 1.9.2 (1.57 KB, patch) - 2010-03-25 13:02 PDT, Josh Aas - dveditz: approval1.9.2.18-

Description Josh Aas 2010-03-25 12:24:14 PDT
Created attachment 434946 [details] [diff] [review]
fix v1.0

We should initialize nsChildView plugin ports.
Comment 1 Josh Aas 2010-03-25 12:37:46 PDT
pushed to mozilla-central
Comment 2 Josh Aas 2010-03-25 13:02:19 PDT
Created attachment 434953 [details] [diff] [review]
fix v1.0 for 1.9.2

This is a safe patch, we should take it on 1.9.2.
Comment 3 Daniel Veditz [:dveditz] 2011-05-11 12:40:03 PDT
Comment on attachment 434953 [details] [diff] [review]
fix v1.0 for 1.9.2

Is this still wanted on the 3.6 branch, or should we just forget about it?
Comment 4 christian 2011-05-13 10:59:26 PDT
What's the benefit of taking this change?
Comment 5 Josh Aas 2011-05-16 11:24:49 PDT
If we don't initialize that structure it can contain pointers to random memory. It's a stability issue, and might also have security implications.
Comment 6 Daniel Veditz [:dveditz] 2011-05-18 10:49:10 PDT
Comment on attachment 434953 [details] [diff] [review]
fix v1.0 for 1.9.2

Approved for, a=dveditz for release-drivers
Comment 7 Daniel Veditz [:dveditz] 2011-06-09 00:34:09 PDT
Comment on attachment 434953 [details] [diff] [review]
fix v1.0 for 1.9.2

Doesn't apply on 1.9.2 because there's a context diff around the union nsPluginPort line. Not sure if it's still safe to remove that or if there were other changes to the file that would require a different patch. FWIW the trunk still seems to have that line in it.
Comment 8 Josh Aas 2011-09-15 11:54:38 PDT
pushed to mozilla-1.9.2