Closed
Bug 747581
Opened 13 years ago
Closed 13 years ago
IndexedDB uses the directory service off the main thread
Categories: Core :: Storage: IndexedDB, defect
Status: RESOLVED FIXED
Target Milestone: mozilla15

| | Tracking | Status |
|---|---|---|
| firefox-esr10 | --- | wontfix |

People: Reporter: bent.mozilla, Assigned: bent.mozilla
Whiteboard: [sg:moderate]
Attachments (1 file): patch, 16.12 KB, khuey: review+
IndexedDB uses the directory service off the main thread, and it shouldn't. See bug 746830. There's no real reason we needed to, I just thought it was safe. I don't think this is really exploitable (hard to reproduce race) but never hurts to file as a security bug.
Attachment #617157 - Flags: review?(khuey)
Comment on attachment 617157 [details] [diff] [review] Patch, v1 Review of attachment 617157 [details] [diff] [review]: ----------------------------------------------------------------- ::: dom/indexedDB/IndexedDatabaseManager.cpp @@ +305,5 @@ > +IndexedDatabaseManager::GetDirectoryForOrigin(const nsACString& aASCIIOrigin, > + nsIFile** aDirectory) const > +{ > + nsresult rv; > + nsCOMPtr<nsILocalFile> directory = Just make this nsIFile. nsILocalFile is useless these days. @@ +322,5 @@ > + > + rv = directory->Append(originSanitized); > + NS_ENSURE_SUCCESS(rv, rv); > + > + directory.forget(reinterpret_cast<nsILocalFile**>(aDirectory)); Then this can go away.
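Review bot: the `reinterpret_cast<nsILocalFile**>(aDirectory)` in the `directory.forget(...)` call at the end of the second quoted hunk reinterprets the caller's `nsIFile**` out-parameter as a pointer to a different interface type, which switches off the compiler's check that the stored pointer matches what the caller declared. Declaring the local in the first hunk as `nsCOMPtr<nsIFile>` would let this become `directory.forget(aDirectory)` with no cast, so the two changes should be made together.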
Attachment #617157 - Flags: review?(khuey) → review+
Updated•13 years ago
Whiteboard: [sg:moderate]
Assignee
Comment 2•13 years ago
https://hg.mozilla.org/integration/mozilla-inbound/rev/46e22a07d53a
Comment 3•13 years ago
https://hg.mozilla.org/mozilla-central/rev/46e22a07d53a
Assignee: nobody → bent.mozilla
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla15
Comment 4•13 years ago
IndexedDB landed in FF4, so I'm assuming that the ESR is affected. That being said, this is an sg:moderate so we're choosing to leave this unfixed.
status-firefox-esr10: --- → wontfix
Updated•9 years ago
Group: core-security → core-security-release
Updated•8 years ago
Group: core-security-release