Re: [tor-bugs] #17931 [Tor Browser]: Tor Browser Hardened Crash

["Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>]

#17931: Tor Browser Hardened Crash
-------------------------------------------------+-------------------------
 Reporter:  pege                                 |          Owner:  tbb-
     Type:  defect                               |  team
 Priority:  Immediate                            |         Status:
Component:  Tor Browser                          |  needs_review
 Severity:  Blocker                              |      Milestone:
 Keywords:  tbb-hardened, tbb-crash,             |        Version:
  TorBrowserTeam201512R                          |     Resolution:
Parent ID:                                       |  Actual Points:
  Sponsor:                                       |         Points:
-------------------------------------------------+-------------------------

Comment (by mcs):

 Replying to [comment:6 arthuredelstein]:
 > The bug here is exposed by an interaction between URL escaping and
 printf-like format specifiers. Here is what happens:
 > ...

 Good work finding the root cause of the crash!
 I have not reviewed your patch yet, but you could reduce its size by
 continuing to use nsContentUtils::LogMessageToConsole() and just calling
 it like:
   nsContentUtils::LogMessageToConsole("%s", message.get());
 But maybe that is too ugly and maybe we want to eliminate extra overhead
 (e.g., a call to PR_vsmprintf() that is not really needed).

 I also wonder if the call to nsContentUtils::LogMessageToConsole() in
 security/sandbox/chromium-shim/sandbox/win/loggingCallbacks.h at line 107
 is safe. But maybe Tor Browser does not use that code?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17931#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs