Closed Bug 795395 Opened 7 years ago Closed 7 years ago

Valgrind on tbpl detects: Invalid read of size 4 with nsGSettingsService on the stack

Categories

(Core :: Widget: Gtk, defect, critical)

Platform: x86_64 Linux
Type: defect
Priority: Not set
Severity: critical

Tracking


VERIFIED FIXED
mozilla18
Tracking Status
firefox16 --- unaffected
firefox17 --- unaffected
firefox18 --- fixed
firefox-esr10 --- unaffected
firefox-esr17 --- unaffected

People

(Reporter: gkw, Assigned: chrisccoulson)

References

(Blocks 1 open bug)

Details

(Keywords: regression, sec-moderate, valgrind, Whiteboard: [adv-main18-])

Attachments

(2 files)

Valgrind detects: Invalid read of size 4 with nsGSettingsService on the stack; see the attached snippet, which comes from:

https://tbpl.mozilla.org/php/getParsedLog.php?id=15623197&tree=Firefox&full=1

Guessing Core: Widget: Gtk, please change component if necessary.

s-s because this is an invalid read. Suspecting it is a regression from bug 713802 which itself likely comes from bug 611953.
I guess what happens is nsGSettingsService::Init() fails because the glib version is too old for this feature, which causes us to attempt to unload the library twice (once in Init() and again in the destructor). The attached 1-liner should fix that (untested here though, because this doesn't fail on my machine).
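The ownership mistake described in the comment above, as an added illustration that is not code from the Mozilla tree or from the attached patch: a hypothetical in-memory `Loader` stands in for the real library loader so the second unload can be counted instead of producing an invalid read, and the `symbolsAvailable` flag models whether the installed glib is new enough for `Init()` to succeed.

```cpp
#include <set>

// Hypothetical loader: tracks which handles are still loaded so a
// second unload of the same handle is recorded rather than crashing.
struct Loader {
    std::set<int> live;   // handles currently loaded
    int next = 1;
    int unloads = 0;      // total unload calls
    int invalid = 0;      // unloads of a handle that was already released
    int load() { int h = next++; live.insert(h); return h; }
    void unload(int h) {
        ++unloads;
        if (!live.erase(h)) ++invalid;   // models the invalid read Valgrind saw
    }
};

// Service owning one library handle, like nsGSettingsService owns its
// GIO library handle. `nullAfterFailedInit` toggles the one-line fix.
struct Service {
    Loader& ld;
    int handle = 0;
    bool nullAfterFailedInit;
    Service(Loader& l, bool fixed) : ld(l), nullAfterFailedInit(fixed) {}

    bool Init(bool symbolsAvailable) {
        handle = ld.load();
        if (!symbolsAvailable) {          // glib too old: required symbols missing
            ld.unload(handle);            // release the library on failure ...
            if (nullAfterFailedInit) handle = 0;   // ... and drop ownership (fix)
            return false;
        }
        return true;
    }
    // Buggy variant: handle still non-zero after a failed Init, so this
    // unloads the same library a second time.
    ~Service() { if (handle) ld.unload(handle); }
};

// Runs one service through Init() and destruction and reports how many
// unloads hit an already-released handle (0 means no double unload).
int countInvalidUnloads(bool fixed, bool symbolsAvailable) {
    Loader ld;
    {
        Service s(ld, fixed);
        s.Init(symbolsAvailable);
    }   // destructor runs here
    return ld.invalid;
}
```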
(In reply to Chris Coulson from comment #2)
> Created attachment 666001 [details] [diff] [review]
> Fix invalid read in nsGSettingsService

Perhaps you'd like to request review for this patch?

Although GIO landed some time ago, it was only turned on by default yesterday, so setting flags accordingly.
Assignee: nobody → chrisccoulson
Keywords: mlk
Since it is an arbitrary read, assuming sec-critical worst-case, unless otherwise shown.
Keywords: sec-critical
This functionality is not really under attacker control so sec-moderate is probably more appropriate.
Attachment #666001 - Flags: review?(karlt)
Attachment #666001 - Flags: review?(karlt) → review+
Keywords: checkin-needed
Status: NEW → ASSIGNED
Duplicate of this bug: 795635
https://hg.mozilla.org/mozilla-central/rev/e05d8c7fc54b
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla18
A type of test for this bug has already been landed because it is already marked in-testsuite+ -> VERIFIED.
Status: RESOLVED → VERIFIED
Whiteboard: [adv-main18-]
Group: core-security