Last Comment Bug 700298 - BatteryManager should initialize mScriptContext and mOwner
: BatteryManager should initialize mScriptContext and mOwner
Status: RESOLVED FIXED
[sg:critical][needs branch][qa-]
: regression
Product: Core
Classification: Components
Component: DOM (show other bugs)
: Trunk
: All All
: -- normal (vote)
: mozilla10
Assigned To: Mounir Lamouri (:mounir)
:
: Andrew Overholt [:overholt]
Mentors:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2011-11-07 07:20 PST by Olli Pettay [:smaug]
Modified: 2012-04-10 21:27 PDT (History)
11 users (show)
mounir: in‑testsuite?
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---
-
unaffected
-
unaffected
-
wontfix
+
fixed
wontfix
unaffected


Attachments
Patch v1 (9.18 KB, patch)
2011-11-18 06:14 PST, Mounir Lamouri (:mounir)
bugs: review-
Details | Diff | Splinter Review
Patch v1.1 with a comment (9.23 KB, patch)
2011-11-18 07:43 PST, Mounir Lamouri (:mounir)
bugs: review+
akeybl: approval‑mozilla‑aurora-
mounir: checkin+
Details | Diff | Splinter Review

Description Olli Pettay [:smaug] 2011-11-07 07:20:15 PST
BatteryManager should initialize mScriptContext and mOwner. Not having the right
context for event handlers has traditionally caused security problems.
(I'm not sure if that situation has changed, or whether we still need to make sure
that right JSContext gets pushed to stack.)

Also, BatteryManager should probably extend nsDOMEventTargetWrapperCache, not
nsDOMEventTargetHelper. (We're trying get those two merged once there are no
nsDOMEventTargetHelper users.)
Comment 1 Daniel Veditz [:dveditz] 2011-11-09 16:35:12 PST
This has led to security problems in the past so let's assume worst case. Either way should fix soon.
Comment 2 Johnny Stenback (:jst, jst@mozilla.com) 2011-11-10 13:34:40 PST
Mounir, can you look into this one?
Comment 3 Mounir Lamouri (:mounir) 2011-11-18 06:14:07 PST
Created attachment 575437 [details] [diff] [review]
Patch v1
Comment 4 Olli Pettay [:smaug] 2011-11-18 07:20:05 PST
Comment on attachment 575437 [details] [diff] [review]
Patch v1

So if you call navigator.mozBattery twice, you may get an uninitialized BatteryManager.

Please assign some value to mBatteryManager only if the initialization succeeded.
Also, please make sure *aBattery is set to null if not to a valid BatteryManager.
Comment 5 Mounir Lamouri (:mounir) 2011-11-18 07:43:20 PST
Created attachment 575452 [details] [diff] [review]
Patch v1.1 with a comment
Comment 6 Olli Pettay [:smaug] 2011-11-18 09:16:40 PST
Comment on attachment 575452 [details] [diff] [review]
Patch v1.1 with a comment


> class BatteryManager : public nsIDOMBatteryManager
>-                     , public nsDOMEventTargetHelper
>+                     , public nsDOMEventTargetWrapperCache
>                      , public BatteryObserver
As I said in some other bug, nsDOMEventTargetWrapperCache should be the first one to inherit.
Comment 7 Mounir Lamouri (:mounir) 2011-11-21 11:24:34 PST
https://hg.mozilla.org/mozilla-central/rev/56bf0f8537fa
Comment 8 christian 2011-11-22 14:52:27 PST
Comment on attachment 575452 [details] [diff] [review]
Patch v1.1 with a comment

[triage comment]
We don't intend to take this feature on Firefox 10 / aurora so we don't need to take this. Denying approval.
Comment 9 Mounir Lamouri (:mounir) 2011-11-22 15:47:28 PST
This feature *is* in Firefox 10...
Comment 10 christian 2011-11-28 12:51:26 PST
Right, and the intention is to back it out / pref it off I believe.
Comment 11 Mounir Lamouri (:mounir) 2011-11-28 15:20:38 PST
(In reply to Christian Legnitto [:LegNeato] from comment #10)
> Right, and the intention is to back it out / pref it off I believe.

It is indeed: there is a patch to pref it off but I believe it's better to have this security bug fixed even if the feature is hidden behind a pref. It doesn't hurt.
Comment 12 Alex Keybl [:akeybl] 2011-12-04 16:36:37 PST
Comment on attachment 575452 [details] [diff] [review]
Patch v1.1 with a comment

[Triage Comment]
Per previous agreement, the battery API is pref'd off in 10 (see bug 703568). This bug is fixed in 11 and will therefore be corrected when the pref is on by default. We do not plan to take any further Battery API changes in 10.
Comment 13 Johnny Stenback (:jst, jst@mozilla.com) 2011-12-30 15:44:24 PST
This is fixed everywhere where it needs to be fixed now, right? If so, can we close this bug?
Comment 14 Mounir Lamouri (:mounir) 2012-01-02 07:22:42 PST
(In reply to Johnny Stenback (:jst, jst@mozilla.com) from comment #13)
> This is fixed everywhere where it needs to be fixed now, right? If so, can
> we close this bug?

This should have been fixed when I pushed the patch to m-c. Sorry about that.
Comment 15 Lukas Blakk [:lsblakk] use ?needinfo 2012-02-23 16:46:31 PST
[Triage comment]

This bug is being tracked for landing on ESR branch.  Please land patches on http://hg.mozilla.org/releases/mozilla-esr10/by Thursday March 1, 2012 in order to be ready for go-to-build on Friday March 2, 2012.

See https://wiki.mozilla.org/Release_Management/ESR_Landing_Process for more information.
Comment 16 Mounir Lamouri (:mounir) 2012-02-24 05:44:15 PST
(In reply to Lukas Blakk [:lsblakk] from comment #15)
> [Triage comment]
> 
> This bug is being tracked for landing on ESR branch.  Please land patches on
> http://hg.mozilla.org/releases/mozilla-esr10/by Thursday March 1, 2012 in
> order to be ready for go-to-build on Friday March 2, 2012.
> 
> See https://wiki.mozilla.org/Release_Management/ESR_Landing_Process for more
> information.

I do not understand why we want this to be in ESR given that ESR is using Gecko 10 and Gecko 10 doesn't have Battery API enabled by default. I've been told that I shouldn't push that patch to 10 because of that. Why is that different for ESR?
Comment 17 Lukas Blakk [:lsblakk] use ?needinfo 2012-02-24 16:09:15 PST
[Triage Comment]
Sorry, mass modify - closer examination, you're right we don't need this.
Comment 18 Anthony Hughes (:ashughes) [GFX][QA][Mentor] 2012-03-05 16:45:19 PST
Does this affect Firefox Desktop? Is there anything QA can do to verify this fix?
Comment 19 Mounir Lamouri (:mounir) 2012-03-06 09:24:14 PST
(In reply to Anthony Hughes, Mozilla QA (irc: ashughes) from comment #18)
> Does this affect Firefox Desktop?

Yes.

> Is there anything QA can do to verify this fix?

That, I don't know. Olli, is there any way to reproduce this?
Comment 20 Olli Pettay [:smaug] 2012-03-06 12:05:33 PST
Some über-tricky JS tests
Comment 21 Anthony Hughes (:ashughes) [GFX][QA][Mentor] 2012-03-06 12:11:27 PST
qa- unless someone can find a simpler way to verify this fix. Otherwise, we will rely on someone who is already capable of reproducing the issue to verify the fix.
Comment 22 Daniel Veditz [:dveditz] 2012-03-09 11:11:07 PST
Isn't this more of a "wontfix" for ESR? the feature is there like on 10, we're just relying on people not turning the pref on. For the actual Fx10 we only have to worry about that for 6 weeks, but for the ESR people could flip the pref anytime in the next year if some cool site insists they have a case for it.

Note You need to log in before you can comment on or make changes to this bug.