Closed
Bug 663893
Opened 13 years ago
Closed 13 years ago
Unsafe uses of mListener in nsWebSocketHandler.cpp
Categories
(Core :: Networking: WebSockets, defect)
Tracking
()
RESOLVED
FIXED
mozilla7
| Tracking | Status | |
|---|---|---|
| firefox6 | --- | fixed |
People
(Reporter: jdm, Assigned: jdm)
References
(Blocks 1 open bug)
Details
Crash Data
Attachments
(1 file)
|
2.05 KB,
patch
|
mcmanus
:
review+
christian
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
Both of the following are not sheltered in |if (mListener)| blocks, unlike other similar constructs:
868 nsCOMPtr<nsIRunnable> event =
869 new CallOnServerClose(mListener, mContext);
870 NS_DispatchToMainThread(event);
1317 nsCOMPtr<nsIRunnable> event =
1318 new CallOnStop(mListener, mContext, reason);
1319 NS_DispatchToMainThread(event);
|
Assignee | |
Updated•13 years ago
|
Summary: Unsafe uses of mListener in nsWebSocket.cpp → Unsafe uses of mListener in nsWebSocketHandler.cpp
|
|
Assignee | |
Comment 1•13 years ago
|
||
|
|
Assignee | |
Updated•13 years ago
|
Attachment #538965 -
Flags: review?(mcmanus)
|
||
Comment 2•13 years ago
|
||
Comment on attachment 538965 [details] [diff] [review]
Avoid null dereferences in websocket handler.
Review of attachment 538965 [details] [diff] [review]:
-----------------------------------------------------------------
Attachment #538965 -
Flags: review?(mcmanus) → review+
|
|
Assignee | |
Updated•13 years ago
|
Keywords: checkin-needed
|
||
Updated•13 years ago
|
Assignee: nobody → josh
|
|
||
Comment 3•13 years ago
|
||
Status: NEW → RESOLVED
Closed: 13 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → mozilla7
|
||
Comment 4•13 years ago
|
||
The push broke the build, so I backed out all of its changesets.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
|
|
||
Comment 5•13 years ago
|
||
Landed on inbound.
|
|
||
Comment 6•13 years ago
|
||
Status: REOPENED → RESOLVED
Closed: 13 years ago → 13 years ago
Resolution: --- → FIXED
|
|
Assignee | |
Comment 7•13 years ago
|
||
Comment on attachment 538965 [details] [diff] [review]
Avoid null dereferences in websocket handler.
This fixes a potential crasher if websockets are misused by a page.
Attachment #538965 -
Flags: approval-mozilla-aurora?
|
|
||
Comment 8•13 years ago
|
||
(In reply to comment #7)
> Comment on attachment 538965 [details] [diff] [review] [review]
> Avoid null dereferences in websocket handler.
>
> This fixes a potential crasher if websockets are misused by a page.
Can a page trigger this? I would think it would be limited to (broken) chrome code.. that's why I didn't a?
|
|
Assignee | |
Comment 9•13 years ago
|
||
We were seeing this in Fennec nightlies on mibbit.com.
|
||
Comment 10•13 years ago
|
||
Simple fix that fixes a mibbit crash in Fennec. Baked on trunk for 3 days
|
||
Comment 11•13 years ago
|
||
Comment on attachment 538965 [details] [diff] [review]
Avoid null dereferences in websocket handler.
Approved for mozilla-aurora
Attachment #538965 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
|
|
||
Comment 12•13 years ago
|
||
|
|
||
Updated•13 years ago
|
status-firefox6:
--- → fixed
You need to log in
before you can comment on or make changes to this bug.
Description
•