Closed Bug 945504 Opened 11 years ago Closed 11 years ago

Include JS stack in sandbox reporter logs

Categories

(Core :: Security, defect)

Product:
Core
Component:
Security
Platform:
ARM
Gonk (Firefox OS)
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla30

People

(Reporter: jld, Assigned: jld)

References

Details

Attachments

(1 file, 3 obsolete files)

bug945504-sandbox-js-stack-hg4.diff
3.45 KB, patch
jld
: review+
Details | Diff | Splinter Review
Sometimes, the relevant code to blame for a sandbox violation is JavaScript — e.g., a component that calls FileUtils. In these cases the C++ part of the stack (as extracted via the crash reporter, for example) frequently isn't very helpful. Because this isn't a "real" crash and the memory state should be consistent, it should be okay to interrogate the current thread's JS context (if any) and write it to the logs. For TBPL+B2G, the logcat will be captured and mozharness will flag the immediately preceding line about the violation itself as an error, so this information should be reasonably obvious. Depends on bug 945498 because of patch dependency.
Should be fairly straightforward, assuming I'm using these XPCOM interfaces correctly.
Attachment #8342166 - Flags: review?(gdestuynder)
Comment on attachment 8342166 [details] [diff] [review] bug945504-sandbox-js-stack-hg0.diff Review of attachment 8342166 [details] [diff] [review]: ----------------------------------------------------------------- Looks fine to me and yes indeed, that's needed. I don't have much more experience with this than you do, but it looks correct.
Attachment #8342166 - Flags: review?(gdestuynder) → review+
Newer, smaller patch. (Based on the new version of bug 945498.)
Attachment #8342166 - Attachment is obsolete: true
Attachment #8367732 - Flags: review?(gdestuynder)
Attachment #8367732 - Flags: feedback?(bzbarsky)
Comment on attachment 8367732 [details] [diff] [review] bug945504-sandbox-js-stack-hg1.diff Seems pretty reasonably, but this line is buggy: + nsresult rv = frame->GetCaller(getter_AddRefs(frame)); because it depends on the getter_AddRefs(frame) (which will null out "frame") happening after the "frame->" deref, which is very much not guaranteed in C++. Probably better to do: nsCOMPtr<nsIStackFrame> temp; nsresult rv = frame->GetCaller(getter_AddRefs(temp)); NS_ENSURE_SUCCESS_VOID(rv); temp.swap(frame);
Attachment #8367732 - Flags: feedback?(bzbarsky) → feedback+
Comment on attachment 8367732 [details] [diff] [review] bug945504-sandbox-js-stack-hg1.diff Review of attachment 8367732 [details] [diff] [review]: ----------------------------------------------------------------- I'd just fix what bz mentioned. From my pov otherwise its fine
Attachment #8367732 - Flags: review?(gdestuynder) → review+
Carrying over r=kang. Fixed the nsCOMPtr sequence point thing and rebased.
Attachment #8367732 - Attachment is obsolete: true
Attachment #8370511 - Flags: review+
C-N warning: depends on patch from bug 945498.
Keywords: checkin-needed
Bitrotted, please rebase.
Keywords: checkin-needed
There was a brief window after bug 945498 landed (see comment #7) and before bug 969126 landed where the previous patch would have applied cleanly. That time is no longer. So, rebased on b2g-inbound.
Attachment #8370511 - Attachment is obsolete: true
Attachment #8371977 - Flags: review+
Should apply cleanly to b2g-inbound today, and other inbounds tomorrow (patch context dependency on Hg commit eb8002584068).
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/5ea08da71f1b
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla30
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: