Paths

Table of Contentst

Differential D69463

Bug 1626728 - Normalize shutdown. r=perry
ClosedPublic
Actions

Authored by asuth on Apr 2 2020, 11:40 PM.

Tags

None

Referenced Files

	Unknown Object (File)
	Sep 24 2024, 11:48 PM

	Unknown Object (File)
	Aug 6 2024, 6:58 PM

	Unknown Object (File)
	Apr 29 2023, 4:10 PM

	Unknown Object (File)
	Apr 29 2023, 4:06 PM

	Unknown Object (File)
	Apr 29 2023, 4:03 PM

	Unknown Object (File)
	Apr 29 2023, 4:00 PM

	Unknown Object (File)
	Apr 29 2023, 3:57 PM

	Unknown Object (File)
	Apr 29 2023, 3:49 PM

View All 13 Files

Subscribers

• fluffyemily

View All 28 Subscribers

Details

Reviewers

• perry
jstutte

Commits

rMOZILLACENTRAL3353f680e068: Bug 1626728 - Normalize shutdown. r=perry,jstutte, a=RyanVM
rMOZILLACENTRAL31422fcc61f2: Bug 1626728 - Normalize shutdown. r=perry,jstutte, a=RyanVM
rMOZILLACENTRAL73e370ab9539: Bug 1626728 - Normalize shutdown. r=perry,jstutte, a=RyanVM on a CLOSED TREE
rMOZILLACENTRAL6639deb89417: Bug 1626728 - Normalize shutdown. r=perry,jstutte, a=RyanVM
rMOZILLACENTRALa3dd5ee8c5f2: Bug 1626728 - Normalize shutdown. r=perry, a=RyanVM
rMOZILLACENTRAL70743aa8b7b6: Bug 1626728 - Normalize shutdown. r=perry, a=RyanVM
rMOZILLACENTRAL1036ae72b56e: Bug 1626728 - Normalize shutdown. r=perry, a=RyanVM
rMOZILLACENTRALb7170a7eaacb: Bug 1626728 - Normalize shutdown. r=perry, a=RyanVM

Bugzilla Bug ID

Diff Detail

Repository

rMOZILLACENTRAL mozilla-central

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

asuth created this revision.Apr 2 2020, 11:40 PM

Herald added a project: secure-revision. · View Herald TranscriptApr 2 2020, 11:40 PM

Harbormaster completed remote builds in B179658: Diff 254597.Apr 2 2020, 11:40 PM

phab-bot requested review of this revision.Apr 2 2020, 11:40 PM

phab-bot changed the visibility from "Custom Policy" to "Custom Policy".

phab-bot changed the edit policy from "Custom Policy" to "Custom Policy".

phab-bot added a project: Restricted Project.

phab-bot added subscribers: rsalonso, jstutte, • sarentz and 14 others.

My understanding of what goes wrong is that

StreamList has a raw pointer to a CacheStreamControlParent (mStreamControl)
StreamList calling mStreamControl->CloseAll(); can indirectly re-enter a StreamList method for the same calling instance and delete its mStreamControl, which means it's deleting itself
Before CloseAll returns and after the mStreamControl is deleted, it (mStreamControl) would call one of its own methods, which is a UAF

Removing StreamList's member pointer prevents the mStreamControl from indirectly deleting itself. Shutdown is just additional cleanup to delete (what used to be) mStreamControl

This revision is now accepted and ready to land.Apr 3 2020, 1:44 AM

Closed by commit rMOZILLACENTRALb7170a7eaacb: Bug 1626728 - Normalize shutdown. r=perry, a=RyanVM (authored by asuth). · Explain WhyApr 3 2020, 4:28 AM

This revision was automatically updated to reflect the committed changes.

asuth added a commit: rMOZILLACENTRALb7170a7eaacb: Bug 1626728 - Normalize shutdown. r=perry, a=RyanVM.

asuth added a commit: rMOZILLACENTRAL1036ae72b56e: Bug 1626728 - Normalize shutdown. r=perry, a=RyanVM.

asuth added a commit: rMOZILLACENTRAL70743aa8b7b6: Bug 1626728 - Normalize shutdown. r=perry, a=RyanVM.Apr 3 2020, 4:38 AM

asuth added a commit: rMOZILLACENTRALa3dd5ee8c5f2: Bug 1626728 - Normalize shutdown. r=perry, a=RyanVM.Apr 3 2020, 4:47 AM

phab-bot changed the visibility from "Custom Policy" to "Custom Policy".Apr 3 2020, 4:49 AM

phab-bot changed the edit policy from "Custom Policy" to "Custom Policy".

phab-bot added a project: Restricted Project.

RyanVM reopened this revision.Apr 3 2020, 5:35 AM

This revision is now accepted and ready to land.Apr 3 2020, 5:35 AM

RyanVM added a reverting change: rMOZILLACENTRALeb1f8bc1622d: Backed out changeset 1036ae72b56e (bug 1626728) for assertion failures on a….Apr 3 2020, 5:35 AM

• noemi_erli added a reverting change: rMOZILLACENTRALecaceb8b8295: Backed out changeset b7170a7eaacb (bug 1626728) for causing assertion failures….Apr 3 2020, 5:35 AM

RyanVM added a reverting change: rMOZILLACENTRAL58224a758c40: Backed out changeset 70743aa8b7b6 (bug 1626728) for assertion failures..Apr 3 2020, 5:35 AM

RyanVM added a reverting change: rMOZILLACENTRAL0ced814f5aeb: Backed out changeset a3dd5ee8c5f2 (bug 1626728) for assertion failures..

asuth updated this revision to Diff 254702.Apr 3 2020, 5:39 AM

Harbormaster completed remote builds in B179737: Diff 254702.Apr 3 2020, 5:39 AM

jstutte accepted this revision.Apr 3 2020, 6:24 AM

Closed by commit rMOZILLACENTRAL6639deb89417: Bug 1626728 - Normalize shutdown. r=perry,jstutte, a=RyanVM (authored by asuth). · Explain WhyApr 3 2020, 6:35 AM

This revision was automatically updated to reflect the committed changes.

asuth added a commit: rMOZILLACENTRAL6639deb89417: Bug 1626728 - Normalize shutdown. r=perry,jstutte, a=RyanVM.

asuth added a commit: rMOZILLACENTRAL73e370ab9539: Bug 1626728 - Normalize shutdown. r=perry,jstutte, a=RyanVM on a CLOSED TREE.Apr 3 2020, 6:42 AM

asuth added a commit: rMOZILLACENTRAL31422fcc61f2: Bug 1626728 - Normalize shutdown. r=perry,jstutte, a=RyanVM.Apr 3 2020, 6:44 AM

asuth added a commit: rMOZILLACENTRAL3353f680e068: Bug 1626728 - Normalize shutdown. r=perry,jstutte, a=RyanVM.Apr 3 2020, 6:52 AM

phab-bot added a subscriber: mkmelin.Apr 3 2020, 1:43 PM

phab-bot added a subscriber: edenchuang.Apr 3 2020, 2:41 PM

phab-bot added a subscriber: jkratzer.Apr 3 2020, 3:14 PM

phab-bot added subscribers: wsmwk, clokep, rjl.Apr 3 2020, 3:22 PM

phab-bot added a subscriber: • kbrosnan.Apr 3 2020, 3:28 PM

phab-bot added a subscriber: kaie.Apr 3 2020, 3:36 PM

phab-bot added a subscriber: Wolfbeast.Apr 6 2020, 8:48 PM

phab-bot added a subscriber: • ytausky.Apr 7 2020, 3:37 PM

ttung mentioned this in D71323: Bug 1628076 - Ensure sFactory alive while it is calling Abort;.Apr 17 2020, 1:59 PM

phab-bot added a subscriber: jmaher.Jun 1 2020, 2:28 PM

phab-bot changed the visibility from "Custom Policy" to "Public (No Login Required)".Jun 5 2020, 7:38 AM

phab-bot changed the edit policy from "Custom Policy" to "Restricted Project (Project)".

phab-bot removed projects: Restricted Project, Restricted Project, secure-revision.

Revision Contents
Changeset List

Path

Size

dom/

cache/

10 lines

Diff 254707

dom/cache/StreamList.cpp

Loading...