Closed Bug 760132 Opened 14 years ago Closed 14 years ago

TabParent may use uninitialized mFrameElement pointer

Categories

(Core :: IPC, defect)

Product:
Core
Component:
IPC
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla15
Tracking Flags:
Tracking Status
firefox15 --- fixed
firefox-esr10 --- unaffected

People

(Reporter: justin.lebar+bug, Assigned: justin.lebar+bug)

References

Details

(Keywords: sec-moderate, Whiteboard: [advisory-tracking-])

Attachments

(1 file)

Patch v1
816 bytes, patch
cjones
: review+
Details | Diff | Splinter Review
It's possible (likely) that there's no way to trigger this in current builds, but this is bad enough that I didn't want to file a public bug. Patch in a moment.
Summary: TabChild may use uninitialized mFrameElement pointer → TabParent may use uninitialized mFrameElement pointer
Attached patch Patch v1Splinter Review
Attachment #628754 - Flags: review?(jones.chris.g)
Blocks: 742944
Attachment #628754 - Flags: review?(jones.chris.g) → review+
https://hg.mozilla.org/mozilla-central/rev/1e69f57e543a
Assignee: nobody → justin.lebar+bug
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
What is this code used for? Would it affect regular firefox builds (e.g. ESR) or can we skip it for those. Would Fennec Native need it?
status-firefox15: --- → fixed
Keywords: sec-moderate
(In reply to Daniel Veditz [:dveditz] from comment #5) > What is this code used for? Would it affect regular firefox builds (e.g. > ESR) or can we skip it for those. Would Fennec Native need it? This bug doesn't affect builds which don't spin up OOP frames. So regular Firefox, ESR, and Fennec Native are unaffected.
Whiteboard: [advisory-tracking-]
Group: core-security
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: