Closed
Bug 663893
Opened 13 years ago
Closed 13 years ago
Unsafe uses of mListener in nsWebSocketHandler.cpp
Categories
(Core :: Networking: WebSockets, defect)
Tracking
()
RESOLVED
FIXED
mozilla7
Tracking | Status | |
---|---|---|
firefox6 | --- | fixed |
People
(Reporter: jdm, Assigned: jdm)
References
(Blocks 1 open bug)
Details
Crash Data
Attachments
(1 file)
2.05 KB,
patch
|
mcmanus
:
review+
christian
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
Both of the following are not sheltered in |if (mListener)| blocks, unlike other similar constructs: 868 nsCOMPtr<nsIRunnable> event = 869 new CallOnServerClose(mListener, mContext); 870 NS_DispatchToMainThread(event); 1317 nsCOMPtr<nsIRunnable> event = 1318 new CallOnStop(mListener, mContext, reason); 1319 NS_DispatchToMainThread(event);
Assignee | ||
Updated•13 years ago
|
Summary: Unsafe uses of mListener in nsWebSocket.cpp → Unsafe uses of mListener in nsWebSocketHandler.cpp
Assignee | ||
Comment 1•13 years ago
|
||
Assignee | ||
Updated•13 years ago
|
Attachment #538965 -
Flags: review?(mcmanus)
Comment 2•13 years ago
|
||
Comment on attachment 538965 [details] [diff] [review] Avoid null dereferences in websocket handler. Review of attachment 538965 [details] [diff] [review]: -----------------------------------------------------------------
Attachment #538965 -
Flags: review?(mcmanus) → review+
Assignee | ||
Updated•13 years ago
|
Keywords: checkin-needed
Updated•13 years ago
|
Assignee: nobody → josh
Comment 3•13 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/0715dd3bbfb8
Status: NEW → RESOLVED
Closed: 13 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → mozilla7
Comment 4•13 years ago
|
||
The push broke the build, so I backed out all of its changesets.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Comment 5•13 years ago
|
||
Landed on inbound.
Comment 6•13 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/09428adfd4a8
Status: REOPENED → RESOLVED
Closed: 13 years ago → 13 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 7•13 years ago
|
||
Comment on attachment 538965 [details] [diff] [review] Avoid null dereferences in websocket handler. This fixes a potential crasher if websockets are misused by a page.
Attachment #538965 -
Flags: approval-mozilla-aurora?
Comment 8•13 years ago
|
||
(In reply to comment #7) > Comment on attachment 538965 [details] [diff] [review] [review] > Avoid null dereferences in websocket handler. > > This fixes a potential crasher if websockets are misused by a page. Can a page trigger this? I would think it would be limited to (broken) chrome code.. that's why I didn't a?
Assignee | ||
Comment 9•13 years ago
|
||
We were seeing this in Fennec nightlies on mibbit.com.
Comment 10•13 years ago
|
||
Simple fix that fixes a mibbit crash in Fennec. Baked on trunk for 3 days
Comment 11•13 years ago
|
||
Comment on attachment 538965 [details] [diff] [review] Avoid null dereferences in websocket handler. Approved for mozilla-aurora
Attachment #538965 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Updated•13 years ago
|
status-firefox6:
--- → fixed
You need to log in
before you can comment on or make changes to this bug.
Description
•