Open
Bug 987897
Opened 11 years ago
Updated 3 years ago
Infallibilize xpc::TransplantObject
Categories
(Core :: XPConnect, defect)
NEW
People
(Reporter: mccr8, Unassigned)
Details
(Keywords: sec-want)
xpc::TransplantObject is called in three places. All but one just crash if it fails. The third one is in nsGlobalWindow::SetNewDocument which is large and scary, so we should probably just crash there, too. In turn, JS_TransplantObject is only called by TransplantObject, so we should be able to make that infallible, too.
Does that sound reasonable, Bobby?
(I'm just filing this as sec-want because it shouldn't be a common problem.)
Comment 1•11 years ago
Yeah, sounds good.
Reporter
Updated•11 years ago
Assignee: nobody → continuation
Updated•10 years ago
Group: core-security → dom-core-security
Reporter
Updated•8 years ago
Assignee: continuation → nobody
Group: dom-core-security
Reporter
Comment 2•6 years ago
It looks like JS_TransplantObject was already infallible as of bug 793904, but xpc::TransplantObject can still fail for other reasons.
Summary: Infallibilize xpc::TransplantObject and JS_TransplantObject → Infallibilize xpc::TransplantObject
Updated•3 years ago
Severity: normal → S3