Closed Bug 999686 Opened 6 years ago Closed 6 years ago
MOZ_CRASH(Unknown Compositable Type) in parent process on bad IPC message
Found by IPC fuzzing, so probably caused by a bad message from a client. Stack attached. We should not have MOZ_CRASH's based on untrusted inputs in the parent process. The MOZ_CRASH wasn't added recently, so I don't know why I didn't catch this in earlier fuzzing.
NS_ERROR is enough to record a test failure on TBPL. And here 'result' is a RefPtr so it is initialized as null, and subsequent code in this function is handling gracefully the case of null pointers.
Attachment #8410530 - Flags: review?(sotaro.ikeda.g)
Attachment #8410530 - Flags: review?(sotaro.ikeda.g) → review+
6 years ago
Assignee: nobody → bjacob
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla31
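The pattern discussed in this bug, as an added example that is not Mozilla's code or the attached patch: a parent-side factory keyed on a type tag from an untrusted child logs an error and leaves its result null for unknown tags, and the handler rejects the message instead of aborting the parent. `HostType`, `Host`, `CreateHost` and `HandleCreateMessage` are hypothetical names, and `std::shared_ptr` stands in for `RefPtr`.

```cpp
#include <cstdint>
#include <cstdio>
#include <memory>

// Hypothetical type tags; a buggy or compromised child can send any integer.
enum class HostType : uint32_t { Image = 1, Content = 2 };

struct Host {
  explicit Host(HostType t) : type(t) {}
  HostType type;
};

// Factory fed by an untrusted IPC field. The smart pointer is null by default
// and stays null for an unknown tag; the error is logged, the process lives.
std::shared_ptr<Host> CreateHost(uint32_t rawType) {
  std::shared_ptr<Host> result;
  switch (static_cast<HostType>(rawType)) {
    case HostType::Image:
    case HostType::Content:
      result = std::make_shared<Host>(static_cast<HostType>(rawType));
      break;
    default:
      // Non-fatal report, where an abort here would take down the parent.
      std::fprintf(stderr, "error: unknown host type %u\n",
                   static_cast<unsigned>(rawType));
      break;
  }
  return result;
}

// Parent-side handler: returns false so the caller can reject the message
// (and the sender) while the parent keeps running.
bool HandleCreateMessage(uint32_t rawType, std::shared_ptr<Host>& out) {
  out = CreateHost(rawType);
  return out != nullptr;
}

int main() {
  std::shared_ptr<Host> host;
  const uint32_t constructed[] = {1, 2, 0, 0xFFFFFFFFu};  // constructed inputs
  for (uint32_t tag : constructed) {
    std::printf("type %u -> %s\n", static_cast<unsigned>(tag),
                HandleCreateMessage(tag, host) ? "accepted" : "rejected");
  }
  return 0;
}
```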