Closed Bug 766304 Opened 9 years ago Closed 9 years ago

ScopedGfxFeatureReporter uses preference service off the main thread

Categories

(Core :: Graphics, defect)

ARM
Android
defect
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla16
Tracking Status
firefox14 --- fixed
firefox15 --- fixed
firefox-esr10 --- unaffected
blocking-fennec1.0 --- .N+
fennec 14+ ---

People

(Reporter: blassey, Assigned: blassey)

References

Details

(Keywords: sec-moderate, Whiteboard: [advisory-tracking+])

Attachments

(1 file)

Attached patch patchSplinter Review
seeing this in the log:
I/Gecko   (  890): ###!!! ASSERTION: Using observer service off the main thread!: 'Error', file /home/blassey/src/mozilla-central/xpcom/ds/nsObserverService.cpp, line 95


not seeing it with this patch
Attachment #634585 - Flags: review?(joe)
Summary: ScopedGfxFeatureReporter accesses the preferences on the wrong thread → ScopedGfxFeatureReporter uses observer service off the main thread
Attachment #634585 - Flags: review?(joe) → review+
Comment on attachment 634585 [details] [diff] [review]
patch

[Approval Request Comment]
Bug caused by (feature/regressing bug #): 
User impact if declined: 
Testing completed (on m-c, etc.): 
Risk to taking this patch (and alternatives if risky): 
String or UUID changes made by this patch:
Attachment #634585 - Flags: approval-mozilla-beta?
Attachment #634585 - Flags: approval-mozilla-aurora?
https://hg.mozilla.org/mozilla-central/rev/7bcd7c51ce46
https://hg.mozilla.org/mozilla-central/rev/77804de74060
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla16
Summary: ScopedGfxFeatureReporter uses observer service off the main thread → ScopedGfxFeatureReporter uses preference service off the main thread
tracking-fennec: ? → 14+
blocking-fennec1.0: ? → .N+
Group: core-security
jst believes this could be exploitable. Approving for Aurora 15 and Beta 14 (tip only, not the release branch).
Attachment #634585 - Flags: approval-mozilla-beta?
Attachment #634585 - Flags: approval-mozilla-beta+
Attachment #634585 - Flags: approval-mozilla-aurora?
Attachment #634585 - Flags: approval-mozilla-aurora+
Sending over to you, Brad, since you requested the approval.
Assignee: nobody → blassey.bugs
Whiteboard: [advisory-tracking+]
Group: core-security
You need to log in before you can comment on or make changes to this bug.