ScopedGfxFeatureReporter uses preference service off the main thread

RESOLVED FIXED in Firefox 14

Status

()

Core
Graphics
RESOLVED FIXED
5 years ago
2 years ago

People

(Reporter: blassey, Assigned: blassey)

Tracking

({sec-moderate})

unspecified
mozilla16
ARM
Android
sec-moderate
Points:
---

Firefox Tracking Flags

(firefox14 fixed, firefox15 fixed, firefox-esr10 unaffected, blocking-fennec1.0 .N+, fennec14+)

Details

(Whiteboard: [advisory-tracking+])

Attachments

(1 attachment)

Created attachment 634585 [details] [diff] [review]
patch

seeing this in the log:
I/Gecko   (  890): ###!!! ASSERTION: Using observer service off the main thread!: 'Error', file /home/blassey/src/mozilla-central/xpcom/ds/nsObserverService.cpp, line 95


not seeing it with this patch
Attachment #634585 - Flags: review?(joe)
Summary: ScopedGfxFeatureReporter accesses the preferences on the wrong thread → ScopedGfxFeatureReporter uses observer service off the main thread
Attachment #634585 - Flags: review?(joe) → review+
Comment on attachment 634585 [details] [diff] [review]
patch

[Approval Request Comment]
Bug caused by (feature/regressing bug #): 
User impact if declined: 
Testing completed (on m-c, etc.): 
Risk to taking this patch (and alternatives if risky): 
String or UUID changes made by this patch:
Attachment #634585 - Flags: approval-mozilla-beta?
Attachment #634585 - Flags: approval-mozilla-aurora?
landed on inbound https://hg.mozilla.org/integration/mozilla-inbound/rev/7bcd7c51ce46 and a follow up to fix windows https://hg.mozilla.org/integration/mozilla-inbound/rev/77804de74060
https://hg.mozilla.org/mozilla-central/rev/7bcd7c51ce46
https://hg.mozilla.org/mozilla-central/rev/77804de74060
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla16
(Assignee)

Updated

5 years ago
Summary: ScopedGfxFeatureReporter uses observer service off the main thread → ScopedGfxFeatureReporter uses preference service off the main thread
(Assignee)

Updated

5 years ago
tracking-fennec: ? → 14+
blocking-fennec1.0: ? → .N+

Updated

5 years ago
Group: core-security

Comment 4

5 years ago
jst believes this could be exploitable. Approving for Aurora 15 and Beta 14 (tip only, not the release branch).

Updated

5 years ago
Attachment #634585 - Flags: approval-mozilla-beta?
Attachment #634585 - Flags: approval-mozilla-beta+
Attachment #634585 - Flags: approval-mozilla-aurora?
Attachment #634585 - Flags: approval-mozilla-aurora+
status-firefox-esr10: --- → unaffected

Comment 5

5 years ago
Sending over to you, Brad, since you requested the approval.
Assignee: nobody → blassey.bugs
https://hg.mozilla.org/releases/mozilla-beta/rev/bc28779c3dab
https://hg.mozilla.org/releases/mozilla-beta/rev/a93c4915208a
https://hg.mozilla.org/releases/mozilla-aurora/rev/3717bb23ff0f
https://hg.mozilla.org/releases/mozilla-aurora/rev/ca8bf9e97234
status-firefox14: --- → fixed
status-firefox15: --- → fixed
Whiteboard: [advisory-tracking+]
Keywords: sec-moderate
Group: core-security
Duplicate of this bug: 737413
You need to log in before you can comment on or make changes to this bug.