Closed
Bug 879537
Opened 11 years ago
Closed 11 years ago
Contacts: Be more strict when setting date properties
Categories
(Core :: DOM: Device Interfaces, defect)
Core
DOM: Device Interfaces
Tracking
()
RESOLVED
FIXED
mozilla24
People
(Reporter: reuben, Assigned: reuben)
References
Details
(Whiteboard: [fixed-in-birch][systemsfe])
Attachments
(1 file, 2 obsolete files)
1.22 KB,
patch
|
gwagner
:
review+
|
Details | Diff | Splinter Review |
Found by the fuzzer, if you pass an object as one of the Date properties you get 'JavaScript Error: "can't convert aBday to primitive type"'.
Attachment #758262 -
Flags: review?(anygregor)
Comment 1•11 years ago
|
||
Comment on attachment 758262 [details] [diff] [review] Only accept strings and Date instances for Date properties Review of attachment 758262 [details] [diff] [review]: ----------------------------------------------------------------- +testcase please. thanks!
Attachment #758262 -
Flags: review?(anygregor) → review+
Assignee | ||
Comment 2•11 years ago
|
||
I can't actually reduce the testcase… I know that specific value that's causing it, but I'm having a hard time replicating it in a reduced testcase. Apparently it even depends on the values in the blob's view.
Attachment #758262 -
Attachment is obsolete: true
Attachment #759992 -
Flags: review?(anygregor)
Assignee | ||
Comment 3•11 years ago
|
||
(In reply to Reuben Morais [:reuben] from comment #2) > I can't actually reduce the testcase… I know that specific value that's > causing it, but I'm having a hard time replicating it in a reduced testcase. > Apparently it even depends on the values in the blob's view. Ugh, I blame the deep fried sandwich, it's affecting my brain. Let's try that again: I know the value that causes the error, it happens whenever I pass an object with a blob property as one of the Date attributes (bday, anniversary). The assertion comes from the Date constructor, since it tries to do ToPrimitive on the passed value, and fails. This patch worksaround that by only calling new Date() when the value is a string, or a number, and skips that entirely if it's already a Date instance. Can I land this without a test? :)
Comment 4•11 years ago
|
||
Comment on attachment 759992 [details] [diff] [review] Slightly better version Review of attachment 759992 [details] [diff] [review]: ----------------------------------------------------------------- ::: dom/contacts/ContactManager.js @@ -423,5 @@ > - // if (aBday instanceof Date) { > - // this._bday = aBday; > - // } else if (typeof aBday === "string" || typeof aBday === "number") { > - // this._bday = new Date(aBday); > - // } Hm can you upload that again? I would like to see the original version :) I hope that's not the code that is checked in.
Assignee | ||
Comment 5•11 years ago
|
||
So now that WebIDL contacts is about to land, it'll only make sense to land this in b2g18… How should I proceed?
Comment 6•11 years ago
|
||
(In reply to Reuben Morais [:reuben] from comment #5) > So now that WebIDL contacts is about to land, it'll only make sense to land > this in b2g18… How should I proceed? Still land it on birch first so we have the same code if the webidl patch gets backed out.
Assignee | ||
Comment 7•11 years ago
|
||
Attachment #759992 -
Attachment is obsolete: true
Attachment #759992 -
Flags: review?(anygregor)
Attachment #761644 -
Flags: review?(anygregor)
Assignee | ||
Comment 8•11 years ago
|
||
Also, I think the problem here is that XPConnect treats Dates as JSObjects under the hood, and doesn't filter out garbage that is not a date :(
Updated•11 years ago
|
Attachment #761644 -
Flags: review?(anygregor) → review+
Assignee | ||
Comment 9•11 years ago
|
||
Thanks! https://hg.mozilla.org/projects/birch/rev/5d42d5a6a922
Whiteboard: [fixed-in-birch]
Comment 10•11 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/5d42d5a6a922
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla24
Comment 11•11 years ago
|
||
We don't want exceptions in our contactManager code that could completely break the contacts, sms, dialer.... app.
blocking-b2g: --- → leo?
Comment 12•11 years ago
|
||
:gwagner , Is this testable ?How sure can we be that they will be no fallouts and how risky is the patch?
Comment 14•11 years ago
|
||
ni? reporter: can you describe the user impact here so triage can decide on if this should block?
Flags: needinfo?(reuben.bmo)
Assignee | ||
Comment 15•11 years ago
|
||
(In reply to bhavana bajaj [:bajaj] from comment #12) > :gwagner , Is this testable ?How sure can we be that they will be no > fallouts and how risky is the patch? Pretty sure. This patch only reduces the types of input we accept, making the chance of fallouts minimal. (In reply to Wayne Chang [:wchang] from comment #14) > ni? reporter: can you describe the user impact here so triage can decide on > if this should block? If a malicious or broken app uses the Contacts API incorrectly, we'll die inside chrome code, with no useful information to the user/developer of what went wrong. The app will very likely stop running correctly.
Flags: needinfo?(reuben.bmo)
Flags: needinfo?(anygregor)
Comment 16•11 years ago
|
||
This could be taken as an improvement on v1.2 but given comment 15 not a blocker as of today we are on par with 1.0.1 and this is an enhancement to the existing state but would not block.
blocking-b2g: leo? → koi?
Updated•11 years ago
|
Whiteboard: [fixed-in-birch] → [fixed-in-birch][systemsfe]
Updated•11 years ago
|
blocking-b2g: koi? → ---
You need to log in
before you can comment on or make changes to this bug.
Description
•