[tor-bugs] #21962 [Applications/Tor Browser]: Segmentation fault with "high" security when changing in about:addons to "Extensions" or "Appearance"

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Apr 25 19:12:25 UTC 2017


#21962: Segmentation fault with "high" security when changing in about:addons to
"Extensions" or "Appearance"
-------------------------------------------------+-------------------------
 Reporter:  viktorj                              |          Owner:  mcs
     Type:  defect                               |         Status:
                                                 |  needs_information
 Priority:  Very High                            |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Major                                |     Resolution:
 Keywords:  tbb-crash, tbb-usability, ff52-esr,  |  Actual Points:
  tbb-7.0-must-alpha, TorBrowserTeam201704R      |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
                                                 |  Sponsor4
-------------------------------------------------+-------------------------

Comment (by gk):

 Replying to [comment:20 mcs]:
 > Replying to [comment:19 arthuredelstein]:
 > > This patch also looks good to me. A couple of nitpicky questions occur
 to me:
 > >  * Are there cases when checkedSystemPrincipal is false but topDocSpec
 remains empty?
 >
 > Yes, for example if `isSVGAllowed` is set to `true` because the load
 context is not content.
 >
 > >  * I wonder if it might be worth moving the appropriate printf
 statements into the if...else part around line 150. Might simplify the
 code a bit.
 >
 > Maybe, but Kathy and I prefer to leave the debug logging together near
 the end of the function to ensure that something is logged in all cases
 (and to make it easier to determine that is the case).
 >
 > Georg, what do you think?

 I am with you here, let's leave this as-is. Arthur: anything else or do
 you think this is fine for the alpha?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21962#comment:21>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list