Closed Bug 747581 Opened 8 years ago Closed 8 years ago

IndexedDB uses the directory service off the main thread

Categories

(Core :: Storage: IndexedDB, defect)

defect
Not set

Tracking

()

RESOLVED FIXED
mozilla15
Tracking Status
firefox-esr10 --- wontfix

People

(Reporter: bent.mozilla, Assigned: bent.mozilla)

References

Details

(Whiteboard: [sg:moderate])

Attachments

(1 file)

Attached patch Patch, v1Splinter Review
IndexedDB uses the directory service off the main thread, and it shouldn't. See bug 746830. There's no real reason we needed to, I just thought it was safe.

I don't think this is really exploitable (hard to reproduce race) but never hurts to file as a security bug.
Attachment #617157 - Flags: review?(khuey)
Comment on attachment 617157 [details] [diff] [review]
Patch, v1

Review of attachment 617157 [details] [diff] [review]:
-----------------------------------------------------------------

::: dom/indexedDB/IndexedDatabaseManager.cpp
@@ +305,5 @@
> +IndexedDatabaseManager::GetDirectoryForOrigin(const nsACString& aASCIIOrigin,
> +                                              nsIFile** aDirectory) const
> +{
> +  nsresult rv;
> +  nsCOMPtr<nsILocalFile> directory =

Just make this nsIFile.  nsILocalFile is useless these days.

@@ +322,5 @@
> +
> +  rv = directory->Append(originSanitized);
> +  NS_ENSURE_SUCCESS(rv, rv);
> +
> +  directory.forget(reinterpret_cast<nsILocalFile**>(aDirectory));

Then this can go away.
Attachment #617157 - Flags: review?(khuey) → review+
Whiteboard: [sg:moderate]
Blocks: 743336
https://hg.mozilla.org/mozilla-central/rev/46e22a07d53a
Assignee: nobody → bent.mozilla
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla15
IndexedDB landed in FF4, so I'm assuming that the ESR is affected. That being said, this is an sg:moderate so we're choosing to leave this unfixed.
Group: core-security → core-security-release
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.