732589 - Fennec build on Win8 crashes in Windows DLL blocklist @ patched_LdrLoadDll

Status: RESOLVED WORKSFORME

(Core :: Security, defect)

Description

[Jim Mathies [:jimm]]

Bug 694432 added a check in our LdrLoadDll hook for unexpected and unknown bytes passed in in place of the filePath parameter. We're currently bailing when the value is less than 1024, but I just ran into a case where the value was 2049. Clearly byte < 1024 isn't 100% reliable.

Comment 1

[Jim Mathies [:jimm]]

I've reproduced this on a release build as well.

Comment 2

[Scoobidiver (away)]

Can you provide a crash ID?

Comment 3

[Jim Mathies [:jimm]]

Attachment: tmp fix

Comment 4

[(no longer active)]

Comment on attachment 604274 [details] [diff] [review]
tmp fix

Can you please also check to see if the least significant bit of the pointer is set?

Comment 5

[Jim Mathies [:jimm]]

(In reply to Ehsan Akhgari [:ehsan] from comment #4)
> Comment on attachment 604274 [details] [diff] [review]
> tmp fix
> 
> Can you please also check to see if the least significant bit of the pointer
> is set?

I've added an assertion to my test repo so next time I hit it I'll check. This doesn't happen on every run for some reason.

Comment 6

[Armen [:armenzg]]

jimm says in bug 764039 I might be hitting this. If this is correct I would need help with this to make progress on the Windows 8 testing infrastructure.
I want to get the whole testing infrastructure ready in the next 7 weeks since I will be gone pretty much for the whole August.

Comment 7

[Brian R. Bondy [:bbondy]]

Is this still needed?

Comment 8

[Jim Mathies [:jimm]]

(In reply to Brian R. Bondy [:bbondy] from comment #7)
> Is this still needed?

I haven't seen it in a long time. Might have been fixed by MS. We can close it out for now.