Closed
Bug 779988
Opened 13 years ago
Closed 11 years ago
ABORT: file gecko/ipc/chromium/src/base/pickle.cc, line 86 (Pickle::ReadBool)
Categories
(Core :: IPC, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 807738
| blocking-basecamp | - |
People
(Reporter: posidron, Unassigned)
References
(Blocks 1 open bug)
Details
(Whiteboard: crash)
Crash Data
Attachments
(1 file)
|
10.56 KB,
text/plain
|
Details |
In this scenario the Write|Datatype|() functions of Pickle were hooked to use abnormal values.
Let me know if you need further information.
|
Reporter | |
Comment 1•13 years ago
|
||
I should perhaps mention that WriteBool() wasn't touched, the value comes from the outside.
We're correctly sanitizing values in the parent process --- we detect that the child has written invalid data to the pipe.
However, after we detect that condition, the *parent* aborts. Instead, it should kill the child with fire.
|
||
Comment 3•12 years ago
|
||
this is a reproducible crash? Sounds similar to 780219 so, i'll minus. Please renom if you disagree.
blocking-basecamp: --- → -
|
||
Updated•12 years ago
|
Crash Signature: [@ mozalloc_abort(char const* const) | NS_DebugBreak | mozilla::Logger::~Logger()]
|
|
||
Updated•12 years ago
|
Summary: ABORT: file gecko/ipc/chromium/src/base/pickle.cc, line 86 → ABORT: file gecko/ipc/chromium/src/base/pickle.cc, line 86 (Pickle::ReadBool)
|
||
Comment 4•11 years ago
|
||
Is there a test case for this?
|
||
Comment 5•11 years ago
|
||
Abort in DCHECK() with a bool value. Marked as duplicate of bug 807738.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•