Security/Sandbox/2018-04-26
tjr
- MinGW Build
- Identified https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85525
- Disabling Skia's AVX code produces a somewhat-working browser
- However some child process crashes here: https://searchfox.org/mozilla-central/source/layout/svg/nsSVGIntegrationUtils.cpp#103
- I swear I had seen this issue before, maybe while working on x86. In any event, I don't understand it and am planning to reach out to gfx for help....
- CFI Build
- I got a working build with lld as the linker. I'm now working to enable LTO (probably ThinLTO)
- Ted helped me overcome one issue this morning (we filed 3 bugs from it), and now onto undefined symbols in JS...
- Timer Intermittents
- Landed one fix in bug 1446346
- Need to investigate bug 1454584 which makes no sense to me...
- Lots of gdocs being written (Fission, Tor, Skia)
jld
- The shared memory changes broke.
- bug 1456022 - The broker glitch is back
- We've been leaking space in /dev/shm since 54 and not noticing until I added an assert. So that's bad.
- I *can* repro the bug locally… about once every 2 hours of continuous testing (or ~8.5e8 RPCs)
- Probably higher rate per RPC in that one reftest one of the dups mentions, so might be common enough to matter in real usage.
- 4 repros with fake second response not received, so probably the request getting lost?
- Planning another test to try to verify that.
- bug 1455828 - pref data corruption
- How is this even possible?
- bug 1456911 - LaunchApp close-on-exec bug if src fd == dst fd (so, for pref shm, if it happens to get fd 8)
- …which Chromium apparently still has(!); need to file upstream bug.
- Not filed yet: “backport” not seeking to end & setting append mode, to find out if it's a stray write to the fd
- bug 1456902 - Get more info when crashing
- bug 1455800 - Probably not security-sensitive but a second opinion would be nice.
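The src fd == dst fd close-on-exec hazard from bug 1456911, shown as an added C example (not Chromium's or Firefox's code; the helper names are assumptions): dup2(fd, fd) is a no-op, so an fd that is already close-on-exec stays that way unless the flag is cleared explicitly.

```c
#include <fcntl.h>
#include <unistd.h>
/* Hypothetical helpers (not Chromium's or Firefox's code). A launcher wants the
 * child to see `src` at descriptor `dst` after exec. dup2() alone is fine when
 * src != dst (the new fd has FD_CLOEXEC clear), but dup2(fd, fd) is a no-op,
 * so an inherited close-on-exec flag stays set and the fd vanishes at exec. */
static int map_fd_buggy(int src, int dst) {
    return dup2(src, dst) < 0 ? -1 : 0;
}

/* Fixed variant: when src == dst, clear FD_CLOEXEC explicitly instead. */
static int map_fd_fixed(int src, int dst) {
    if (src != dst)
        return dup2(src, dst) < 0 ? -1 : 0;
    int flags = fcntl(dst, F_GETFD);
    if (flags < 0)
        return -1;
    return fcntl(dst, F_SETFD, flags & ~FD_CLOEXEC) < 0 ? -1 : 0;
}

/* 1 if fd would survive exec, 0 if it is close-on-exec, -1 on error. */
static int survives_exec(int fd) {
    int flags = fcntl(fd, F_GETFD);
    return flags < 0 ? -1 : !(flags & FD_CLOEXEC);
}

/* Constructed stand-in for the pref shm fd: a pipe end marked close-on-exec. */
static int make_cloexec_fd(void) {
    int fds[2];
    if (pipe(fds) < 0) return -1;
    close(fds[0]);
    if (fcntl(fds[1], F_SETFD, FD_CLOEXEC) < 0) {
        close(fds[1]);
        return -1;
    }
    return fds[1];
}

/* 1 when the buggy mapping leaves the fd CLOEXEC and the fixed one clears it; -1 if setup fails. */
int demo_same_fd_mapping(void) {
    int fd = make_cloexec_fd();
    if (fd < 0) return -1;
    map_fd_buggy(fd, fd);
    int after_buggy = survives_exec(fd);  /* 0: dup2(fd, fd) changed nothing */
    map_fd_fixed(fd, fd);
    int after_fixed = survives_exec(fd);  /* 1: flag cleared */
    close(fd);
    return after_buggy == 0 && after_fixed == 1;
}
```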
gcp
- [Bug 1455498] WebGL doesn't work on Linux if drivers are loaded through LD_LIBRARY_PATH
- X windows proxy:
- There appears to be very minimal traffic after startup
- So the proxy is mostly about correlating connections with pids and Content startup
- Unrusting rust code
- Need to disallow connections to the real X server somehow! We can now broker connect
bobowen
- Canvas remoting.
- My horribly hacked version is working ... sort of.
- bug 1444699 - Crash in sandbox::`anonymous namespace'::WarmupWindowsLocales
- Landed on m-c
Alex_Gaynor
- IPC Fuzzing
- bug 1456147 - filed; assertion failure in underlying buffer management
- Fuzzer found two sec bugs this week; I found one more by manual inspection
- bug 1450232 - landed; improve how we handle large length fields in IPC deserialization so the fuzzer doesn't OOM all the time
handyman
- bug 1366256 - NPAPI sandbox level 3
- Tracked to being "something about the build binary". (It's not the automation setup.)
- bug 1450708 - Crash in FunctionBroker
- Waiting to see if fixed. Uplift?
- Plugin sec bug
haik
- bug 1376773 - Intermittent test_crash.py TestCrash.test_crash_chrome_process...
- Deadlock in breakpad callbacks, similar to 1395504
- bug 1450715 - Add pref dom.ipc.plugins.sandbox-level.flash to telemetry
- landed, still needs sql.t.m.o fix for querying in main summary
- bug 1432567 - [Mac] Add a test that renders fonts from non-standard directories
- Installed 10.10, using artifact build on local machine for debugging
- Made a bit of debugging progress