Last Comment Bug 479288 - Lack of XOW
: Lack of XOW
Status: RESOLVED FIXED
: [sg:high] regression from security fi...
: fixed1.9.0.12, fixed1.9.1, regression
Product: Core
Classification: Components
Component: XPConnect
: Trunk
: x86 Windows XP
: P2 normal (vote)
: mozilla1.9.1
Assigned To: Blake Kaplan (:mrbkap)
: xpconnect
:
:
: 460882
  Show dependency treegraph
 
Reported: 2009-02-19 12:09 PST by moz_bug_r_a4
Modified: 2009-07-21 17:26 PDT (History)
8 users (show)
jst: blocking1.9.1+
dveditz: blocking1.9.0.12+
dveditz: wanted1.9.0.x+
See Also:
Crash Signature:


Attachments
Proposed fix (8.08 KB, patch)
2009-02-19 14:55 PST, Blake Kaplan (:mrbkap)
no flags Details | Diff | Splinter Review
Updated to bent's comments (4.69 KB, patch)
2009-02-19 16:14 PST, Blake Kaplan (:mrbkap)
bent.mozilla: review+
jst: superreview+
Details | Diff | Splinter Review

Summon comment box

Description moz_bug_r_a4 2009-02-19 12:09:55 PST
This seems to be a regression from bug 460882.

When accessing a window by using __parent__ property or valueOf.call(), the
window is not wrapped in XOW.

Sorry if this is a duplicate of bug 478910 or bug 479211.
Comment 3 Blake Kaplan (:mrbkap) 2009-02-19 12:20:14 PST
This is mine, really. I'm sure bent won't mind me stealing it.
Comment 4 Daniel Veditz 2009-02-19 13:51:54 PST
sg:high at least, sg:critical if there's a way into a privileged about: page or similar.
Comment 5 Blake Kaplan (:mrbkap) 2009-02-19 14:55:07 PST
Created attachment 363204 [details] [review]
Proposed fix

This should fix it. It still needs a run against Dromaeo to ensure I'm not actually slowing anything down.
Comment 6 Blake Kaplan (:mrbkap) 2009-02-19 16:14:15 PST
Created attachment 363217 [details] [review]
Updated to bent's comments

Bent convinced me that the thisObject hook was the way to go and that we should call OBJ_TO_OUTER_OBJECT from the thisObject hook in XPConnect.
Comment 7 ben turner [:bent] (vacation until 7/25) 2009-02-20 15:06:15 PST
Comment on attachment 363217 [details] [review]
Updated to bent's comments

Looks great! No significant differences on dromaeo.
Comment 8 Daniel Veditz 2009-02-23 11:34:33 PST
Taking off the 1.9.0.8 blocking list until we've got a handle on all the remaining regressions of bug 460882.
Comment 9 Blake Kaplan (:mrbkap) 2009-02-25 17:41:19 PST
http://hg.mozilla.org/mozilla-central/rev/839f915de914
Comment 10 Blake Kaplan (:mrbkap) 2009-02-25 20:41:40 PST
*** Bug 479924 has been marked as a duplicate of this bug. ***
Comment 11 Blake Kaplan (:mrbkap) 2009-03-02 17:38:00 PST
http://hg.mozilla.org/releases/mozilla-1.9.1/rev/b731d0bcadac
Comment 12 Al Billings [:abillings] 2009-06-30 14:58:20 PDT
Does this bug actually apply to 1.9.0? I don't see a checkin for CVS above for 1.9.0 and testing with the testcase with 1.9.0.11, the bug doesn't reproduce.
Comment 13 Blake Kaplan (:mrbkap) 2009-06-30 15:04:50 PDT
Al, this is the same as bug 481434 in that it won't affect 1.9.0.11, but the patch was needed when we landed bug 460882 on the 1.9.0 branch to avoid introducing this regression there.

Note You need to log in before you can comment on or make changes to this bug.