Closed
Bug 832512
Opened 12 years ago
Closed 12 years ago
SOWs shouldn't be created for chrome objects
Categories
(Core :: XPConnect, defect)
Core
XPConnect
Tracking
()
RESOLVED
FIXED
mozilla21
Tracking | Status | |
---|---|---|
firefox19 | --- | unaffected |
firefox20 | + | fixed |
firefox21 | --- | fixed |
People
(Reporter: bholley, Assigned: bholley)
References
Details
(Keywords: regression)
Attachments
(1 file, 1 obsolete file)
2.34 KB,
patch
|
bzbarsky
:
review+
lsblakk
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
The code for bug 820577 causes us to create SOWs for chrome code, which is wrong. As it stands, it's slower and uses more memory than it needs to, but it might regress other things in unexpected ways. Fixing this is pretty straightforward, so I think we should uplift it.
Assignee | ||
Updated•12 years ago
|
tracking-firefox20:
--- → ?
Keywords: regression
Comment 1•12 years ago
|
||
Straight forward fix, could cause chrome regressions (any guidance as to what type would be helpful for testing/feedback).
For future reference (our reference), SOW=same-compartment security wrapper
Assignee | ||
Comment 2•12 years ago
|
||
(In reply to Alex Keybl [:akeybl] from comment #1)
> For future reference (our reference), SOW=same-compartment security wrapper
Not quite. SOW = system only wrapper, which most-commonly appears as a same-compartment security wrapper. They're nasty, and I'm working on abolishing them.
Assignee | ||
Comment 3•12 years ago
|
||
Attachment #704197 -
Flags: review?(bzbarsky)
Comment 4•12 years ago
|
||
Comment on attachment 704197 [details] [diff] [review]
Don't create SOWs for chrome code. v1
I don't think this is right for two reasons:
1) It won't catch things going through WrapNewBindingObject. Adding some tests would have caught this, I bet.
2) It's adding the system-principal check to the fast path of MaybeWrapValue, which doesn't seem great either.
Why not add the security check at the point in nsINode::WrapObject where we'd call SetSystemOnlyWrapper? In particular, seems like we can just add !IsSystemPrincipal(NodePrincipal()) to the conditions there, right? Or would that not do the right thing?
Attachment #704197 -
Flags: review?(bzbarsky) → review-
Assignee | ||
Comment 5•12 years ago
|
||
(In reply to Boris Zbarsky (:bz) from comment #4)
> Why not add the security check at the point in nsINode::WrapObject where
> we'd call SetSystemOnlyWrapper? In particular, seems like we can just add
> !IsSystemPrincipal(NodePrincipal()) to the conditions there, right? Or
> would that not do the right thing?
Yeah, good call. This will mean that we can still end up with in-chrome SOWs when reparenting nodes from content to chrome, but I don't think that's a big deal. In particular, I don't think the old behavior handled that edge case either.
Assignee | ||
Comment 6•12 years ago
|
||
Attachment #704197 -
Attachment is obsolete: true
Attachment #704647 -
Flags: review?(bzbarsky)
Comment 7•12 years ago
|
||
Comment on attachment 704647 [details] [diff] [review]
Don't create SOWs for chrome code. v2
Is the test tab-indented or something? In any case, just make sure your indentation matches the test's.
r=me with that.
Attachment #704647 -
Flags: review?(bzbarsky) → review+
Assignee | ||
Comment 8•12 years ago
|
||
Assignee | ||
Comment 9•12 years ago
|
||
Comment on attachment 704647 [details] [diff] [review]
Don't create SOWs for chrome code. v2
[Approval Request Comment]
Bug caused by (feature/regressing bug #):
bug 815149
User impact if declined: Probably not much, but it could cause very hard-to-diagnose bugs in extensions. This patch makes us stick with our historical behavior.
Testing completed (on m-c, etc.): Just pushed to m-i.
Risk to taking this patch (and alternatives if risky): Not risky. Alternative is to just not take the patch, which isn't that bad either. I think it's just a marginal win to take it.
String or UUID changes made by this patch: None.
Attachment #704647 -
Flags: approval-mozilla-aurora?
Comment 10•12 years ago
|
||
Status: NEW → RESOLVED
Closed: 12 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → mozilla21
Comment 11•12 years ago
|
||
Comment on attachment 704647 [details] [diff] [review]
Don't create SOWs for chrome code. v2
seems pretty straightforward and worth the marginal win on aurora, approving.
Attachment #704647 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Comment 12•12 years ago
|
||
status-firefox21:
--- → fixed
You need to log in
before you can comment on or make changes to this bug.
Description
•