Closed
Bug 989665
Opened 12 years ago
Closed 12 years ago
Worker console: "Assertion failure: strings->Length() <= aData"
Categories
(Core :: DOM: Workers, defect)
Core
DOM: Workers
Tracking
()
RESOLVED
FIXED
mozilla31
| Tracking | Status | |
|---|---|---|
| firefox30 | --- | unaffected |
| firefox31 | --- | fixed |
| firefox-esr24 | --- | unaffected |
People
(Reporter: jruderman, Unassigned)
References
Details
(Keywords: assertion, testcase)
Attachments
(2 files)
|
127 bytes,
text/html
|
Details | |
|
2.26 KB,
patch
|
bzbarsky
:
review+
|
Details | Diff | Splinter Review |
Assertion failure: strings->Length() <= aData, at dom/base/Console.cpp:77
|
Reporter | |
Comment 1•12 years ago
|
||
Bug 989666 has a related testcase that asserts elsewhere.
|
||
Comment 2•12 years ago
|
||
Attachment #8399049 -
Flags: review?(bzbarsky)
This doesn't look s-s if that patch is all that's needed here.
|
||
Comment 4•12 years ago
|
||
Comment on attachment 8399049 [details] [diff] [review]
crash.patch
Er, yes.
Attachment #8399049 -
Flags: review?(bzbarsky) → review+
|
|
||
Comment 5•12 years ago
|
||
Comment on attachment 8399049 [details] [diff] [review]
crash.patch
[Security approval request comment]
How easily could an exploit be constructed based on the patch?
Hard. just debug builds.
Do comments in the patch, the check-in comment, or tests included in the patch paint a bulls-eye on the security problem?
Almost.
Which older supported branches are affected by this flaw?
0
If not all supported branches, which bug introduced the flaw?
bug 965860
How likely is this patch to cause regressions; how much testing does it need?
There is a mochitest included in the patch.
Attachment #8399049 -
Flags: sec-approval?
|
|
||
Updated•12 years ago
|
Keywords: checkin-needed
|
||
Comment 6•12 years ago
|
||
This can't be approved for checkin without a security rating. Do you have a suggested rating here? How exploitable is this?
By "0" branches being affected, do you mean that this is entirely Trunk only? If that's the case, it doesn't need sec-approval and can just be checked in (see https://wiki.mozilla.org/Security/Bug_Approval_Process for details).
|
|
||
Comment 7•12 years ago
|
||
(In reply to Al Billings [:abillings] from comment #6)
> This can't be approved for checkin without a security rating. Do you have a
> suggested rating here? How exploitable is this?
I don't think it's exploitable at all. It was a MOZ_ASSERT used on debug builds only.
>
> By "0" branches being affected, do you mean that this is entirely Trunk
> only? If that's the case, it doesn't need sec-approval and can just be
> checked in (see https://wiki.mozilla.org/Security/Bug_Approval_Process for
> details).
Right. I think Console API in C++ is still in trunk only.
|
|
||
Comment 8•12 years ago
|
||
|
|
||
Updated•12 years ago
|
|
|
||
Comment 9•12 years ago
|
||
Status: NEW → RESOLVED
Closed: 12 years ago
status-firefox31:
--- → fixed
Flags: in-testsuite?
Resolution: --- → FIXED
Target Milestone: --- → mozilla31
|
|
||
Comment 11•12 years ago
|
||
Comment on attachment 8399049 [details] [diff] [review]
crash.patch
Clearing sec-approval flag.
Attachment #8399049 -
Flags: sec-approval?
|
|
||
Updated•12 years ago
|
status-firefox30:
--- → unaffected
status-firefox-esr24:
--- → unaffected
|
||
Updated•10 years ago
|
Group: core-security → core-security-release
|
||
Updated•9 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•