Closed
Bug 989665
Opened 10 years ago
Closed 10 years ago
Worker console: "Assertion failure: strings->Length() <= aData"
Categories
(Core :: DOM: Workers, defect)
Core
DOM: Workers
Tracking
()
RESOLVED
FIXED
mozilla31
Tracking | Status | |
---|---|---|
firefox30 | --- | unaffected |
firefox31 | --- | fixed |
firefox-esr24 | --- | unaffected |
People
(Reporter: jruderman, Unassigned)
References
Details
(Keywords: assertion, testcase)
Attachments
(2 files)
127 bytes,
text/html
|
Details | |
2.26 KB,
patch
|
bzbarsky
:
review+
|
Details | Diff | Splinter Review |
Assertion failure: strings->Length() <= aData, at dom/base/Console.cpp:77
Reporter | ||
Comment 1•10 years ago
|
||
Bug 989666 has a related testcase that asserts elsewhere.
Comment 2•10 years ago
|
||
Attachment #8399049 -
Flags: review?(bzbarsky)
This doesn't look s-s if that patch is all that's needed here.
Comment 4•10 years ago
|
||
Comment on attachment 8399049 [details] [diff] [review] crash.patch Er, yes.
Attachment #8399049 -
Flags: review?(bzbarsky) → review+
Comment 5•10 years ago
|
||
Comment on attachment 8399049 [details] [diff] [review] crash.patch [Security approval request comment] How easily could an exploit be constructed based on the patch? Hard. just debug builds. Do comments in the patch, the check-in comment, or tests included in the patch paint a bulls-eye on the security problem? Almost. Which older supported branches are affected by this flaw? 0 If not all supported branches, which bug introduced the flaw? bug 965860 How likely is this patch to cause regressions; how much testing does it need? There is a mochitest included in the patch.
Attachment #8399049 -
Flags: sec-approval?
Updated•10 years ago
|
Keywords: checkin-needed
Comment 6•10 years ago
|
||
This can't be approved for checkin without a security rating. Do you have a suggested rating here? How exploitable is this? By "0" branches being affected, do you mean that this is entirely Trunk only? If that's the case, it doesn't need sec-approval and can just be checked in (see https://wiki.mozilla.org/Security/Bug_Approval_Process for details).
Comment 7•10 years ago
|
||
(In reply to Al Billings [:abillings] from comment #6) > This can't be approved for checkin without a security rating. Do you have a > suggested rating here? How exploitable is this? I don't think it's exploitable at all. It was a MOZ_ASSERT used on debug builds only. > > By "0" branches being affected, do you mean that this is entirely Trunk > only? If that's the case, it doesn't need sec-approval and can just be > checked in (see https://wiki.mozilla.org/Security/Bug_Approval_Process for > details). Right. I think Console API in C++ is still in trunk only.
Updated•10 years ago
|
Comment 9•10 years ago
|
||
landed https://hg.mozilla.org/mozilla-central/rev/61b1f28c3c16
Status: NEW → RESOLVED
Closed: 10 years ago
status-firefox31:
--- → fixed
Flags: in-testsuite?
Resolution: --- → FIXED
Target Milestone: --- → mozilla31
Comment 11•10 years ago
|
||
Comment on attachment 8399049 [details] [diff] [review] crash.patch Clearing sec-approval flag.
Attachment #8399049 -
Flags: sec-approval?
Updated•10 years ago
|
status-firefox30:
--- → unaffected
status-firefox-esr24:
--- → unaffected
Updated•9 years ago
|
Group: core-security → core-security-release
Updated•8 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•