Closed
Bug 931086
Opened 11 years ago
Closed 2 years ago
IPC: crash while randomly closing a pipe [@mozilla::layers::CompositorParent::NotifyShadowTreeTransaction]
Categories
(Core :: Graphics: Layers, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: posidron, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: crash, csectype-dos, sec-low)
Attachments
(1 file)
|
(deleted),
text/plain
|
Details |
This happened while randomly closing a pipe in Channel::ChannelImpl::ProcessOutgoingMessages() in an optimized/non-debug build.
The provided information might be poor for our developers but I am not sure yet how we could log more information about each pipe or what kind of information we should log.
Marked as s-s because I am not aware at this time whether this crash exposes any security risk or not.
Please let me also know how useful this kind of strategy is for IPC fuzzing.
This log is very useful, as is the technique. Please keep hunting for bugs like this!
Moving over to layers, looks like the parent isn't properly handling a child crash here.
Component: IPC → Graphics: Layers
|
||
Updated•11 years ago
|
Blocks: fix-ipc-sandbox
|
||
Comment 3•11 years ago
|
||
This particular stack looks like a null deref and probably isn't too harmful beyond rebooting your phone, but other variants might be worse (see the "harden-layers-ipc" bug).
Keywords: csectype-dos,
sec-low
|
||
Updated•9 years ago
|
Group: core-security → gfx-core-security
|
|
||
Updated•2 years ago
|
Severity: critical → S2
|
||
Comment 4•2 years ago
|
||
The code that failed in this very old Bug doesn't appear to exist anymore. Whatever was failing here, if it still is failing, is appearing with a different signature.
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → INVALID
|
|
||
Updated•1 year ago
|
Group: gfx-core-security
Resolution: INVALID → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•