"ABORT: who sent the notification then" with QI to imgIDecoderObserver

RESOLVED FIXED

Status: RESOLVED FIXED
Type: defect, priority --, severity critical
Opened 9 years ago, last modified 6 years ago

People

(Reporter: jruderman, Assigned: Ehsan)

Tracking

(Blocks 1 bug, {assertion, testcase})

Version: Trunk
Platform: x86 macOS

Firefox Tracking Flags

(blocking2.0 -)

Details

(Whiteboard: [softblocker][depends on 605271][post-2.0])

Attachments

(1 attachment)

Reporter

Description

9 years ago
Posted image testcase
###!!! ABORT: who sent the notification then?: 'aContainer', file content/svg/content/src/nsSVGFilters.cpp, line 5644

The assertion is in nsSVGFEImageElement::OnStartContainer.
I thought we disallowed QI to non-classinfo interfaces from untrusted script for DOM objects...  Or did we just disallow implicit conversion to/from those interfaces through XPConnect?
Bah!

In that case, we need to either move this interface off this node (onto a helper object) or add some sanity-checking to the impl.....
blocking2.0: --- → ?
I really think we should consider stopping this madness for FF4. We're just gonna play whack-a-mole otherwise.

jst and I discussed a couple of alternatives, and peterv might even have a patch.

It would be a risky change this late in the game, but it might be less risky than the whack-a-mole...
Reporter

Comment 5

9 years ago
After my fuzzer got lucky and found bug 604262, I taught it to take an object and try QI'ing it to every interface.  It then quickly found bug 604556, bug 604807, and this bug (bug 604841).
So what's the plan here? Comment #4 sounds like there is a plan...
blocking2.0: ? → final+
Whiteboard: [depends on 605271]
Whiteboard: [depends on 605271] → [depends on 605271][softblocker]
Assignee

Updated

8 years ago
Assignee: khuey → ehsan
Whiteboard: [depends on 605271][softblocker] → [softblocker][depends on 605271]
Assignee

Comment 8

8 years ago
I think fixing this without bug 605271 will be too hackish and risky this late in the game...
Whiteboard: [softblocker][depends on 605271] → [softblocker][depends on 605271][post-2.0]
I'd actually like to fix this one by just noscripting imgIDecoderObserver.  Some of the imglib xpcshell tests use it, but no product code does.

Post 2.0 though, for sure.
Assignee

Comment 10

8 years ago
(In reply to comment #9)
> I'd actually like to fix this one by just noscripting imgIDecoderObserver. 
> Some of the imglib xpcshell tests use it, but no product code does.
> 
> Post 2.0 though, for sure.

You mean doing that post 2.0?
Assignee

Comment 12

8 years ago
OK, renoming to see if we still need to block on this.
blocking2.0: final+ → ?
Depends on: post2.0
blocking2.0: ? → -
Assignee

Updated

8 years ago
No longer depends on: post2.0
Fixed with WebIDL bindings.
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED