Closed Bug 760132 Opened 9 years ago Closed 9 years ago

TabParent may use uninitialized mFrameElement pointer

Categories

(Core :: IPC, defect)

Not set
normal

Tracking

RESOLVED FIXED
mozilla15
Tracking Status
firefox15 --- fixed
firefox-esr10 --- unaffected

People

(Reporter: justin.lebar+bug, Assigned: justin.lebar+bug)

Details

(Keywords: sec-moderate, Whiteboard: [advisory-tracking-])

Attachments

(1 file)

It's possible (likely) that there's no way to trigger this in current builds, but this is bad enough that I didn't want to file a public bug.

Patch in a moment.
Summary: TabChild may use uninitialized mFrameElement pointer → TabParent may use uninitialized mFrameElement pointer
Attached patch: Patch v1
Attachment #628754 - Flags: review?(jones.chris.g)
Blocks: 742944
Attachment #628754 - Flags: review?(jones.chris.g) → review+
https://hg.mozilla.org/mozilla-central/rev/1e69f57e543a
Assignee: nobody → justin.lebar+bug
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
What is this code used for? Would it affect regular Firefox builds (e.g. ESR) or can we skip it for those? Would Fennec Native need it?
(In reply to Daniel Veditz [:dveditz] from comment #5)
> What is this code used for? Would it affect regular Firefox builds (e.g.
> ESR) or can we skip it for those? Would Fennec Native need it?

This bug doesn't affect builds which don't spin up OOP frames.  So regular Firefox, ESR, and Fennec Native are unaffected.
Whiteboard: [advisory-tracking-]
Group: core-security