Closed
Bug 945504
Opened 11 years ago
Closed 11 years ago
Include JS stack in sandbox reporter logs
Categories
(Core :: Security, defect)
Tracking
()
RESOLVED
FIXED
mozilla30
People
(Reporter: jld, Assigned: jld)
References
Details
Attachments
(1 file, 3 obsolete files)
3.45 KB,
patch
|
jld
:
review+
|
Details | Diff | Splinter Review |
Sometimes, the relevant code to blame for a sandbox violation is JavaScript — e.g., a component that calls FileUtils. In these cases the C++ part of the stack (as extracted via the crash reporter, for example) frequently isn't very helpful.
Because this isn't a "real" crash and the memory state should be consistent, it should be okay to interrogate the current thread's JS context (if any) and write it to the logs.
For TBPL+B2G, the logcat will be captured and mozharness will flag the immediately preceding line about the violation itself as an error, so this information should be reasonably obvious.
Depends on bug 945498 because of patch dependency.
Assignee | ||
Comment 1•11 years ago
|
||
Should be fairly straightforward, assuming I'm using these XPCOM interfaces correctly.
Attachment #8342166 -
Flags: review?(gdestuynder)
Comment on attachment 8342166 [details] [diff] [review]
bug945504-sandbox-js-stack-hg0.diff
Review of attachment 8342166 [details] [diff] [review]:
-----------------------------------------------------------------
Looks fine to me and yes indeed, that's needed.
I don't have much more experience with this than you do, but it looks correct.
Attachment #8342166 -
Flags: review?(gdestuynder) → review+
Assignee | ||
Comment 3•11 years ago
|
||
Newer, smaller patch. (Based on the new version of bug 945498.)
Attachment #8342166 -
Attachment is obsolete: true
Attachment #8367732 -
Flags: review?(gdestuynder)
Attachment #8367732 -
Flags: feedback?(bzbarsky)
Comment 4•11 years ago
|
||
Comment on attachment 8367732 [details] [diff] [review]
bug945504-sandbox-js-stack-hg1.diff
Seems pretty reasonably, but this line is buggy:
+ nsresult rv = frame->GetCaller(getter_AddRefs(frame));
because it depends on the getter_AddRefs(frame) (which will null out "frame") happening after the "frame->" deref, which is very much not guaranteed in C++. Probably better to do:
nsCOMPtr<nsIStackFrame> temp;
nsresult rv = frame->GetCaller(getter_AddRefs(temp));
NS_ENSURE_SUCCESS_VOID(rv);
temp.swap(frame);
Attachment #8367732 -
Flags: feedback?(bzbarsky) → feedback+
Comment on attachment 8367732 [details] [diff] [review]
bug945504-sandbox-js-stack-hg1.diff
Review of attachment 8367732 [details] [diff] [review]:
-----------------------------------------------------------------
I'd just fix what bz mentioned. From my pov otherwise its fine
Attachment #8367732 -
Flags: review?(gdestuynder) → review+
Assignee | ||
Comment 6•11 years ago
|
||
Carrying over r=kang. Fixed the nsCOMPtr sequence point thing and rebased.
Attachment #8367732 -
Attachment is obsolete: true
Attachment #8370511 -
Flags: review+
Assignee | ||
Comment 7•11 years ago
|
||
C-N warning: depends on patch from bug 945498.
Keywords: checkin-needed
Assignee | ||
Comment 9•11 years ago
|
||
There was a brief window after bug 945498 landed (see comment #7) and before bug 969126 landed where the previous patch would have applied cleanly. That time is no longer. So, rebased on b2g-inbound.
Attachment #8370511 -
Attachment is obsolete: true
Attachment #8371977 -
Flags: review+
Assignee | ||
Comment 10•11 years ago
|
||
Should apply cleanly to b2g-inbound today, and other inbounds tomorrow (patch context dependency on Hg commit eb8002584068).
Keywords: checkin-needed
Comment 11•11 years ago
|
||
Keywords: checkin-needed
Comment 12•11 years ago
|
||
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla30
You need to log in
before you can comment on or make changes to this bug.
Description
•