Closed
Bug 999686
Opened 10 years ago
Closed 10 years ago
Faulty: MOZ_CRASH(Unknown CompositableType) in parent process on bad IPC message
Categories (Core :: Graphics: Layers, defect)
Tracking (RESOLVED FIXED, mozilla31)
People
(Reporter: bjacob, Assigned: bjacob)
Attachments (2 files)
30.82 KB, text/plain
1.70 KB, patch (sotaro: review+)
Found by IPC fuzzing, so probably caused by a bad message from a client. Stack attached. We should not have MOZ_CRASH's based on untrusted inputs in the parent process. The MOZ_CRASH wasn't added recently, so I don't know why I didn't catch this in earlier fuzzing.
Comment 1•10 years ago (Assignee)
Comment 2•10 years ago (Assignee)
NS_ERROR is enough to record a test failure on TBPL. And here 'result' is a RefPtr so it is initialized as null, and subsequent code in this function is handling gracefully the case of null pointers.
Attachment #8410530 - Flags: review?(sotaro.ikeda.g)
Updated•10 years ago
Attachment #8410530 - Flags: review?(sotaro.ikeda.g) → review+
Updated•10 years ago
Assignee: nobody → bjacob
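The pattern comment 2 describes, as an added example that is not the Gecko patch from this bug: a parent-side factory reports an unknown type tag and returns null, and the caller rejects the message instead of the process aborting. All names (CompositableKind, CreateCompositable, HandleAttachMessage) and the sample bytes are hypothetical, and std::shared_ptr stands in for RefPtr.

```cpp
#include <cstdint>
#include <cstdio>
#include <memory>

// Hypothetical type tag carried in a message from an untrusted child process.
enum class CompositableKind : uint8_t { Image = 1, Content = 2, Tiled = 3 };

struct Compositable {
  explicit Compositable(CompositableKind k) : kind(k) {}
  CompositableKind kind;
};

// Parent-side factory. The tag arrives as a raw byte off the wire, so every
// value is possible, including ones that match no enumerator.
std::shared_ptr<Compositable> CreateCompositable(uint8_t rawKind) {
  std::shared_ptr<Compositable> result;  // null by default, like the RefPtr
  const auto kind = static_cast<CompositableKind>(rawKind);
  switch (kind) {
    case CompositableKind::Image:
    case CompositableKind::Content:
    case CompositableKind::Tiled:
      result = std::make_shared<Compositable>(kind);
      break;
    default:
      // Report the bad tag and leave result null. Aborting here would let
      // one malformed child message crash the parent process.
      std::fprintf(stderr, "unknown compositable type %u\n",
                   static_cast<unsigned>(rawKind));
      break;
  }
  return result;
}

// Hypothetical handler: a null result rejects the message, nothing more.
bool HandleAttachMessage(uint8_t rawKind) {
  return CreateCompositable(rawKind) != nullptr;
}

// Constructed input: three tags, the middle one out of range.
int CountAcceptedSampleMessages() {
  const uint8_t constructed[] = {1, 0xFF, 3};
  int accepted = 0;
  for (uint8_t raw : constructed) accepted += HandleAttachMessage(raw) ? 1 : 0;
  return accepted;
}

int main() {
  std::printf("accepted %d of 3\n", CountAcceptedSampleMessages());
  return 0;
}
```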
Comment 3•10 years ago (Assignee)
https://hg.mozilla.org/integration/mozilla-inbound/rev/6c4e8196edff
Comment 4•10 years ago
https://hg.mozilla.org/mozilla-central/rev/6c4e8196edff
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla31