"ASSERTION: This is unsafe! Fix the caller!" tweaking video.src through attribute nodes

RESOLVED FIXED

Status

8 years ago
4 years ago

People

(Reporter: jruderman, Assigned: smaug)

Tracking

(Blocks: 1 bug, {assertion, testcase})

Trunk
x86
macOS
assertion, testcase
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(3 attachments)

(Reporter)

Description

8 years ago
Created attachment 480238 [details]
testcase

###!!! ASSERTION: This is unsafe! Fix the caller!: 'Error', 
file content/events/src/nsEventDispatcher.cpp, line 514
(Reporter)

Comment 1

8 years ago
Created attachment 480240 [details]
stack trace
(Assignee)

Updated

8 years ago
Group: core-security

Comment 3

8 years ago
So, what should we do about this assertion?
(Reporter)

Comment 4

8 years ago
Even if this bug isn't a security hole, I'd like it fixed quickly so I can check for other instances of this assertion that might be.
blocking2.0: --- → ?
(Assignee)

Comment 5

8 years ago
Created attachment 481042 [details] [diff] [review]
patch

Jonas, can you think of any reason why this wouldn't be ok in this case?
Attachment #481042 - Flags: review?(jonas)
(Assignee)

Comment 6

8 years ago
So to clarify the patch, it just makes mozAutoDocUpdate go out of
scope before SetValue().
So, a { } block was added.
Comment on attachment 481042 [details] [diff] [review]
patch

Mutation events and attribute nodes together. Can we add document.domain to the mix to get a trifecta of horror :(
Attachment #481042 - Flags: review?(jonas) → review+
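
The scoping change described in comment 6, shown as an added example that is not part of this bug thread or of the Mozilla patch: a toy model of an RAII update guard whose lifetime is shortened with a `{ }` block so it ends before a call that dispatches an event. `UpdateGuard`, `set_value`, `dispatch_event` and both `replace_attr_*` functions are hypothetical stand-ins, and the model assumes that the guard keeps an update batch open while alive and that setting the value fires a mutation event.

```cpp
// Toy model, constructed for illustration; not Gecko code. Names are
// hypothetical stand-ins: UpdateGuard ~ mozAutoDocUpdate, set_value ~ SetValue().
#include <cstdio>
static int g_update_depth = 0;      // > 0 while an update batch is open
static int g_unsafe_dispatches = 0; // dispatches seen inside an open batch

// RAII guard: the batch stays open until the destructor runs.
struct UpdateGuard {
    UpdateGuard() { ++g_update_depth; }
    ~UpdateGuard() { --g_update_depth; }
};

// Assumption: dispatching can run listeners, so doing it inside an open
// batch is the condition the assertion is modelled as catching.
static void dispatch_event(const char* type) {
    if (g_update_depth > 0) {
        ++g_unsafe_dispatches;
        std::fprintf(stderr, "ASSERTION: unsafe dispatch of %s\n", type);
    }
}

// Assumption: changing the value fires a mutation event.
static void set_value(int* slot, int v) {
    *slot = v;
    dispatch_event("mutation");
}

// Before: the guard lives to the end of the function.
int replace_attr_before(int* slot, int v) {
    g_unsafe_dispatches = 0;
    UpdateGuard guard;       // bookkeeping that needs the batch goes here
    set_value(slot, v);      // dispatches while the batch is still open
    return g_unsafe_dispatches;
}

// After: the added { } ends the guard's lifetime before set_value().
int replace_attr_after(int* slot, int v) {
    g_unsafe_dispatches = 0;
    {
        UpdateGuard guard;   // bookkeeping that needs the batch goes here
    }
    set_value(slot, v);      // batch already closed
    return g_unsafe_dispatches;
}

int main() {
    int slot = 0;
    std::printf("before=%d after=%d\n", replace_attr_before(&slot, 1), replace_attr_after(&slot, 2));
}
```

The same check is useful when auditing other callers: any call that can dispatch events should sit outside the guard's scope, not merely after the last statement that needs it.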
(Assignee)

Updated

8 years ago
Attachment #481042 - Flags: approval2.0?
Summary: "ASSERTION: This is unsafe! Fix the caller!" twaking video.src through attribute nodes → "ASSERTION: This is unsafe! Fix the caller!" tweaking video.src through attribute nodes
(Assignee)

Comment 8

8 years ago
http://hg.mozilla.org/mozilla-central/rev/a6c31e83c5dd
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → FIXED
(Assignee)

Updated

8 years ago
Assignee: nobody → Olli.Pettay
(Assignee)

Comment 9

8 years ago
This was fixed long ago. No need for blocking2.0?
blocking2.0: ? → ---
Group: core-security