Closed
Bug 795395
Opened 12 years ago
Closed 12 years ago
Valgrind on tbpl detects: Invalid read of size 4 with nsGSettingsService on the stack
Categories
(Core :: Widget: Gtk, defect)
VERIFIED
FIXED
mozilla18
Tracking | Status | |
---|---|---|
firefox16 | --- | unaffected |
firefox17 | --- | unaffected |
firefox18 | --- | fixed |
firefox-esr10 | --- | unaffected |
firefox-esr17 | --- | unaffected |
People
(Reporter: gkw, Assigned: chrisccoulson)
References
(Blocks 1 open bug)
Details
(Keywords: regression, sec-moderate, valgrind, Whiteboard: [adv-main18-])
Attachments
(2 files)
13.07 KB, text/plain
1009 bytes, patch (karlt: review+)
Valgrind detects: Invalid read of size 4 with nsGSettingsService on the stack, see attached snippet which comes from: https://tbpl.mozilla.org/php/getParsedLog.php?id=15623197&tree=Firefox&full=1

Guessing Core: Widget: Gtk, please change component if necessary.

s-s because this is an invalid read.

Suspecting it is a regression from bug 713802 which itself likely comes from bug 611953.
Comment 1•12 years ago
related to https://bugzilla.mozilla.org/show_bug.cgi?id=794174 perhaps?
Assignee | ||
Comment 2•12 years ago
I guess what happens is nsGSettingsService::Init() fails because the glib version is too old for this feature, which causes us to attempt to unload the library twice (once in Init() and again in the destructor). The attached 1-liner should fix that (untested here though, because this doesn't fail on my machine)
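The failure path described in comment 2, as an added example that is not part of the bug thread and is not Mozilla's code: an `Init()` that unloads the library on failure while the destructor unloads whatever handle is still stored. `FakeLib`, `UnloadLib`, `SettingsService` and `UnloadsForLifetime` are hypothetical stand-ins, and clearing the handle after the unload is an assumed way to close the double unload, not necessarily what the attached patch does.

```cpp
#include <cstdio>

// Hypothetical stand-in for a dynamic-library handle. It counts unloads so a
// second unload is observable here instead of touching freed memory.
struct FakeLib { int unloads = 0; };
static void UnloadLib(FakeLib* lib) { lib->unloads++; }

// kClearHandle = false: the pattern comment 2 describes.
// kClearHandle = true: the handle is cleared once it has been unloaded.
template <bool kClearHandle>
class SettingsService {
 public:
  explicit SettingsService(FakeLib* lib) : mLib(lib) {}

  // symbolsFound = false models a library too old to provide the feature.
  bool Init(bool symbolsFound) {
    if (symbolsFound) return true;
    UnloadLib(mLib);                   // failure path releases the library
    if (kClearHandle) mLib = nullptr;  // without this, mLib dangles
    return false;
  }

  ~SettingsService() {
    if (mLib) UnloadLib(mLib);         // second unload if mLib was not cleared
  }

 private:
  FakeLib* mLib;
};

// Runs one construct/Init/destroy cycle and returns how many times the
// library was unloaded. Anything above 1 is a double unload.
template <bool kClearHandle>
int UnloadsForLifetime(bool symbolsFound) {
  FakeLib lib;
  {
    SettingsService<kClearHandle> svc(&lib);
    svc.Init(symbolsFound);
  }
  return lib.unloads;
}

int main() {
  std::printf("failed Init, handle kept:    %d unloads\n", UnloadsForLifetime<false>(false));
  std::printf("failed Init, handle cleared: %d unloads\n", UnloadsForLifetime<true>(false));
  std::printf("successful Init:             %d unloads\n", UnloadsForLifetime<true>(true));
  return 0;
}
```

With a real library handle the second unload operates on already-released state, which is the kind of access Valgrind reports as an invalid read.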
Reporter | ||
Comment 3•12 years ago
(In reply to Chris Coulson from comment #2)
> Created attachment 666001 [details] [diff] [review]
> Fix invalid read in nsGSettingsService

Perhaps you'd like to request for review on this patch?

Although GIO landed some time ago, it was only turned on by default yesterday, so setting flags accordingly.
Assignee: nobody → chrisccoulson
status-firefox-esr10: --- → unaffected
status-firefox15: --- → unaffected
status-firefox16: --- → unaffected
status-firefox17: --- → unaffected
status-firefox18: --- → affected
tracking-firefox18: --- → ?
Keywords: mlk
Reporter | ||
Comment 4•12 years ago
Since it is an arbitrary read, assuming sec-critical worst-case, unless otherwise shown.
Keywords: sec-critical
Comment 5•12 years ago
This functionality is not really under attacker control so sec-moderate is probably more appropriate.
Assignee | ||
Updated•12 years ago
Attachment #666001 - Flags: review?(karlt)
Updated•12 years ago
Attachment #666001 - Flags: review?(karlt) → review+
Reporter | ||
Updated•12 years ago
Keywords: checkin-needed
Comment 6•12 years ago
https://hg.mozilla.org/integration/mozilla-inbound/rev/e05d8c7fc54b
Flags: in-testsuite+
Keywords: checkin-needed
Updated•12 years ago
Status: NEW → ASSIGNED
Comment 8•12 years ago
https://hg.mozilla.org/mozilla-central/rev/e05d8c7fc54b
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla18
Reporter | ||
Comment 9•12 years ago
A type of test for this bug has already been landed because it is already marked in-testsuite+ -> VERIFIED.
Status: RESOLVED → VERIFIED
Updated•12 years ago
status-firefox-esr17: --- → unaffected
Whiteboard: [adv-main18-]
Updated•12 years ago
Group: core-security