[tbb-bugs] #17931 [Tor Browser]: Tor Browser Hardened Crash
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Dec 29 22:37:09 UTC 2015
#17931: Tor Browser Hardened Crash
-------------------------------------------------+-------------------------
Reporter: pege | Owner: tbb-
Type: defect | team
Priority: Immediate | Status:
Component: Tor Browser | needs_review
Severity: Blocker | Milestone:
Keywords: tbb-hardened, tbb-crash, | Version:
TorBrowserTeam201512R | Resolution:
Parent ID: | Actual Points:
Sponsor: | Points:
-------------------------------------------------+-------------------------
Comment (by mcs):
Replying to [comment:6 arthuredelstein]:
> The bug here is exposed by an interaction between URL escaping and
printf-like format specifiers. Here is what happens:
> ...
Good work finding the root cause of the crash!
I have not reviewed your patch yet, but you could reduce its size by
continuing to use nsContentUtils::LogMessageToConsole() and just calling
it like:
nsContentUtils::LogMessageToConsole("%s", message.get());
But maybe that is too ugly and maybe we want to eliminate extra overhead
(e.g., a call to PR_vsmprintf() that is not really needed).
I also wonder if the call to nsContentUtils::LogMessageToConsole() in
security/sandbox/chromium-shim/sandbox/win/loggingCallbacks.h at line 107
is safe. But maybe Tor Browser does not use that code?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17931#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list