[tbb-bugs] #20680 [Applications/Tor Browser]: Rebase Tor Browser patches to 52 ESR

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Apr 3 08:48:14 UTC 2017


#20680: Rebase Tor Browser patches to 52 ESR
-------------------------------------------------+-------------------------
 Reporter:  arthuredelstein                      |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:  new
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  ff52-esr, tbb-7.0-must,              |  Actual Points:
  TorBrowserTeam201703, tbb-7.0-must-nightly     |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
                                                 |  Sponsor4
-------------------------------------------------+-------------------------

Comment (by gk):

 Here comes another batch:

 `2c0fdc9fb55dc4f28edb96c2a69a1451bcf8dcf3`: good
 `1e1736ebc1a35427d1c1738d199b9c2ecca6373e`: good
 `0e58aa9e4028085038827a583f12ea943fa2405e`: good
 `8de96436b99518e947c6dedf3019d1df83714985`: good
 `230c803c10f8c0aedc8beaaf18d13e92e5d95259`: good
 `22508fe47768201b37ae86b2d995b14394727882`: good
 `414a6ce893d50c1374968e485113ac21dfb0b5dd`: good
 `85311e454060b97bc83494e6b59fb99e42b5f778`: good
 `1985add6bc2fcc8d3167b1381b985d543bd80998`: good
 `2399284cd6a7eaf4f21e01ce5d7d04b6297876f5`: good
 `b379130d85235ea6395ac36ad6e82eff4ea15359`: good
 `5c0f41dc2b317dcf1f4934c7cbc34a1de88e666b`: good
 `20dfcf1c67fbeeebd1b580fc59b83baf99bb66c6`: good
 `441f91e03424305e978bf27ca8b479c5929d9594`: good
 `106f19b01457ffd88273cea1e0ef39caa779a298`: good
 `b946f6cbe6cdecc3925e044c586810c7e48fcbc0`: good (should we merge that
 with TB4 commit?)
 `013d0cd1f153626cb7f40cc39288300ee55e100e`: (mcs/brade could you have a
 second look here as well?)

 in ``IsImageExtractionAllowed` why did you replace the old getting-the-
 first-party-code with:
 {{{
 +    nsIDocument* topLevelDocument =
 aDocument->GetTopLevelContentDocument();
 +    nsIURI *topLevelDocURI = topLevelDocument ?
 topLevelDocument->GetDocumentURI() : nullptr;
 +    nsCString topLevelDocURISpec;
 +    topLevelDocURI->GetSpec(topLevelDocURISpec);
 }}}
 It seems you are not guarding against a possible null-pointer-deref there?
 {{{
 +    rv = permissionManager->TestPermission(docURI,
 +
 PERMISSION_CANVAS_EXTRACT_DATA, &permission);
 +    NS_ENSURE_SUCCESS(rv, false);
 }}}
 Why not `topLevelDocURI` instead of `docURI`? in 45.8.0 it is
 `firstPartyURI` that gets tested.

 `fd11d2ad97ea828f9e68750165de70cb34e3a7e0`: good
 `d882e68b91a8a9ac1b6656bec5c38a2a7514115d`: good
 `d85df6ecd6f8de4ff718b3dc85882686f94488a9`: good

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20680#comment:36>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list