[tor-bugs] #16771 [Tor Browser]: TBB crashes on Google Maps when creating markers/clicking
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Aug 12 20:32:53 UTC 2015
#16771: TBB crashes on Google Maps when creating markers/clicking
-------------------------+-------------------------------------------------
Reporter: tom | Owner: arthuredelstein
Type: defect | Status: needs_review
Priority: major | Milestone:
Component: Tor | Version:
Browser | Keywords: tbb-crash, tbb-5.0-regression,
Resolution: | TorBrowserTeam201508R
Actual Points: | Parent ID:
Points: |
-------------------------+-------------------------------------------------
Comment (by mikeperry):
It seems that this null check will avoid the crash, but we'll still leak
the blob URI in this case. This lookup and subsequent remove should be
succeeding, since the isolation key matches the original host and the blob
uri domain, right?
What I don't understand from my core file is why GetDataInfo() was
returning null here. It appears to have two entries in the gDataTable
hashtable still, which I assume are the two blob URIs in mHostObjectURIs
in the document.
I wonder if this also means that blob URIs might not be accessible in some
cases where they should be, even if the isolation matches? This
GetDataInfo() lookup is also used during accesses, and if it is returning
null when it shouldn't, then those objects won't be visible at all, right?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16771#comment:16>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list