Closed Bug 865569 Opened 11 years ago Closed 11 years ago

Poison nsView

Categories

(Core :: Web Painting, enhancement)

enhancement
Not set
normal

Tracking

RESOLVED FIXED
mozilla23
Tracking Status
firefox22 --- fixed
firefox23 --- fixed
firefox-esr17 --- wontfix
b2g18 --- wontfix

People

(Reporter: MatsPalmgren_bugz, Assigned: MatsPalmgren_bugz)

Details

(Keywords: sec-want, Whiteboard: [adv-main22+])

Attachments

(1 file, 1 obsolete file)

This is to mitigate crashes like bug 850571 to some degree,
and to make the crash more likely to occur so we can get STR.
Attached patch v1 (obsolete)
This should help, but isn't bulletproof since we still allocate
nsView from the general heap.  Putting it in the pres arena would be
ideal, but would be more work since we need to have the shell in all
the new/delete places. 

https://tbpl.mozilla.org/?tree=Try&rev=02830a221ae6
Comment on attachment 741683
v1

I tried to allocate nsView from the pres shell arena but that didn't work
because we create the root view before the shell in some cases.
And I suspect the root view may outlive the shell too.

Anyway, this patch should help a little bit.
Attachment #741683 - Flags: review?(roc)
Attached patch v2
No need for the MOZ_MALLOC conditionals -- just invoke operator delete
explicitly to deallocate.

https://tbpl.mozilla.org/?tree=Try&rev=6bd5129c87e6
Attachment #741683 - Attachment is obsolete: true
Attachment #741683 - Flags: review?(roc)
Attachment #742693 - Flags: review?(roc)
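
One way to poison an object on release while invoking operator delete explicitly, as the v2 comment mentions. This is an added C++ sketch, not the attached patch or Mozilla code; `View`, `kPoison` and the one-slot pool are hypothetical stand-ins chosen so the freed bytes can be inspected safely.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <new>

// Constructed poison byte for this sketch (an assumption, not a project value).
constexpr unsigned char kPoison = 0xF0;

class View {  // hypothetical stand-in, not nsView itself
public:
  explicit View(View* aParent) : mParent(aParent) {}
  // Sole release path: destruct, poison, then free by calling operator delete
  // directly. A delete-expression here would run the destructor a second time.
  void Destroy() {
    this->~View();
    std::memset(static_cast<void*>(this), kPoison, sizeof(View));
    View::operator delete(this);
  }
  // One-slot static pool so the bytes can be inspected after release without
  // reading memory that has gone back to the general heap.
  static void* operator new(std::size_t aSize) {
    if (sInUse || aSize > sizeof(sSlot)) throw std::bad_alloc();
    sInUse = true;
    return sSlot;
  }
  static void operator delete(void*) { sInUse = false; }
  alignas(std::max_align_t) static unsigned char sSlot[64];
  View* mParent;
private:
  ~View() { mParent = nullptr; }  // private: callers must go through Destroy()
  static bool sInUse;
};
alignas(std::max_align_t) unsigned char View::sSlot[64];
bool View::sInUse = false;

// Frees a View and reports whether every byte of it reads back as poison.
bool DestroyLeavesPoison() {
  View* v = new View(nullptr);
  v->mParent = v;  // a live pointer that a dangling reader might later follow
  v->Destroy();
  for (std::size_t i = 0; i < sizeof(View); ++i)
    if (View::sSlot[i] != kPoison) return false;
  return true;
}
// The bits a stale read of mParent would load once the View is destroyed.
std::uintptr_t StaleParentBits() {
  std::uintptr_t bits;
  std::memcpy(&bits, View::sSlot, sizeof bits);
  return bits;
}
```

A stale `mParent` read then yields a recognizable repeated-byte value instead of a plausible heap address, which is what makes a use-after-free fault early and show up clearly in crash reports.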
Comment on attachment 742693
v2

This is to mitigate crashes like bug 850571 to some degree,
and to make that crash more likely to occur so we can get STR.
Low risk.
Attachment #742693 - Flags: approval-mozilla-beta?
Attachment #742693 - Flags: approval-mozilla-aurora?
https://hg.mozilla.org/mozilla-central/rev/91518747ca86
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla23
Comment on attachment 742693
v2

Approving this only on aurora at this point to see if it helps get the needed STR here. Holding off on beta approval as I do not want a sudden crash spike in our final betas while we are still getting results from this landing on aurora, which may help understand the problem and get a low risk safe patch in time for Fx21 final Beta build (going to build next Monday 5/6).

We will request users/QA to test the aurora build to see if they crash any sooner which may help here.
Attachment #742693 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Blocks: 868619
Comment on attachment 742693
v2

I was holding off approval per comment #7. But given we have not seen any STR and also as Bug 850571 is no longer a top-crasher, let's not rush this in our final beta.

Bug 868619 is the tracking bug if we want to back out nsView poisoning on aurora/trunk.
Attachment #742693 - Flags: approval-mozilla-beta? → approval-mozilla-beta-
Whiteboard: [adv-main22+]
Group: core-security
Component: Layout: View Rendering → Layout: Web Painting