Closed
Bug 732178
Opened 13 years ago
Closed 13 years ago
CORS redirect handling broken when image cache validation is happening
Categories
(Core :: Graphics: ImageLib, defect)
Tracking
()
RESOLVED
FIXED
mozilla13
| Tracking | Status | |
|---|---|---|
| firefox-esr10 | --- | unaffected |
People
(Reporter: bzbarsky, Assigned: bzbarsky)
References
Details
Attachments
(2 files)
|
(deleted),
patch
|
Details | Diff | Splinter Review | |
|
(deleted),
patch
|
sicking
:
review+
joe
:
review+
|
Details | Diff | Splinter Review |
We clobber the channel notification callbacks with the cache validator, which means the CORS code will never see the redirect.
I don't know how to write a test that exercises this, sadly....
|
Assignee | |
Comment 1•13 years ago
|
||
|
|
Assignee | |
Comment 2•13 years ago
|
||
Attachment #602096 -
Flags: review?(jonas)
Attachment #602096 -
Flags: review?(joe)
|
|
Assignee | |
Updated•13 years ago
|
Whiteboard: [need review]
|
||
Comment 3•13 years ago
|
||
Comment on attachment 602096 [details] [diff] [review]
Set up the image cache validator before the CORS listener.
Review of attachment 602096 [details] [diff] [review]:
-----------------------------------------------------------------
::: image/src/imgLoader.cpp
@@ -1294,5 @@
>
> listener = corsproxy;
> }
>
> - newChannel->SetNotificationCallbacks(hvc);
You could also just change this to SetNotificationCallbacks(listener). Might need a QueryInterface, though, and thus might not be worthwhile.
I don't know whether that'll cause trouble with an nsCORSListenerProxy that fails to initialize in its constructor, though; maybe Jonas can weigh in on that.
Attachment #602096 -
Flags: review?(joe) → review+
Comment on attachment 602096 [details] [diff] [review]
Set up the image cache validator before the CORS listener.
Review of attachment 602096 [details] [diff] [review]:
-----------------------------------------------------------------
They way this patch does it is the right way. You have to set up the notifications callback before constructing the CORS proxy since the proxy ctor grabs the existing notification listener.
Attachment #602096 -
Flags: review?(jonas) → review+
|
|
Assignee | |
Comment 5•13 years ago
|
||
Oh, and I'd still love to know how to test this.
I pushed to try, and at first glance it looks like this patch is leaking on reftests (or at least all debug reftests are orange with leaks of 3 nsCORSListenerProxy and 3 imgCacheEntry and 3 imgRequest).
Oddly enough, none of the leaked nsStandardURLs are obvious CORS-enabled images:
file:///Users/cltbld/talos-slave/test/build/reftest/tests/layout/reftests/ogg-video/poster-2.html
file:///Users/cltbld/talos-slave/test/build/reftest/tests/layout/reftests/ogg-video/not-a-valid-file
file:///Users/cltbld/talos-slave/test/build/reftest/tests/layout/reftests/webm-video/poster-2.html
file:///Users/cltbld/talos-slave/test/build/reftest/tests/layout/reftests/webm-video/not-a-valid-file
file:///Users/cltbld/talos-slave/test/build/reftest/tests/layout/reftests/svg/image/image-svg-inline-01.html
There is also an nsSimpleURI leaked....
|
|
Assignee | |
Comment 6•13 years ago
|
||
Actually, nevermind. That may be fallout from bug 696301. Though the fact that we get leaks there is .... disturbing.
|
|
Assignee | |
Comment 7•13 years ago
|
||
Yes, indeed. The issue was bug 696301 plus a prexisting leak in imagelib. Filed bug 732319 on that.
|
|
Assignee | |
Comment 8•13 years ago
|
||
Flags: in-testsuite?
Whiteboard: [need review]
Target Milestone: --- → mozilla13
|
|
Assignee | |
Comment 9•13 years ago
|
||
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
|
||
Comment 10•13 years ago
|
||
From our read of this bug, we don't believe ESR 10 is affected. Please email if that's not the case.
status-firefox-esr10:
--- → unaffected
|
||
Updated•9 years ago
|
Group: core-security → core-security-release
|
||
Updated•8 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•