Bug 1346720 - Disallow invalid report IDs early on. r=gerald a=gchang
authorFrederik Braun <fbraun+gh@mozilla.com>
Mon, 13 Mar 2017 18:40:45 -0400
changeset 375367 908962e98a39fbc9655928f651e59df577de9f91
parent 375366 b103de790ae97f1b64e5c5117c4de99928d40204
child 375368 f024c36fad38f458a8561d6e245c2936f42215d9
push id10929
push usercbook@mozilla.com
push dateWed, 22 Mar 2017 08:47:51 +0000
treeherdermozilla-aurora@908962e98a39 [default view] [failures only]
reviewersgerald, gchang
bugs1346720
milestone54.0a2
Bug 1346720 - Disallow invalid report IDs early on. r=gerald a=gchang MozReview-Commit-ID: GBDnzYh0gPt
browser/base/content/browser-media.js
dom/media/DecoderDoctorDiagnostics.cpp
--- a/browser/base/content/browser-media.js
+++ b/browser/base/content/browser-media.js
@@ -244,16 +244,20 @@ let gDecoderDoctorHandler = {
     //   to store at-issue formats.
     // - 'formats' contains a comma-separated list of formats (or key systems)
     //   that suffer the issue. These are kept in a pref, which the backend
     //   uses to later find when an issue is resolved.
     // - 'isSolved' is true when the notification actually indicates the
     //   resolution of that issue, to be reported as telemetry.
     let {type, isSolved, decoderDoctorReportId, formats} = parsedData;
     type = type.toLowerCase();
+    // Error out early on invalid ReportId
+    if (!(/^\w+$/mi).test(decoderDoctorReportId)) {
+      return
+    }
     let title = gDecoderDoctorHandler.getLabelForNotificationBox(type);
     if (!title) {
       return;
     }
 
     // We keep the list of formats in prefs for the sake of the decoder itself,
     // which reads it to determine when issues get solved for these formats.
     // (Writing prefs from e10s content is now allowed.)
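Review bot: The `m` flag in the added check `/^\w+$/mi` makes `^` and `$` match at line boundaries, so a `decoderDoctorReportId` containing a newline is accepted as long as any single line of it consists of word characters; the rest of the string is never validated. Drop the flags and restore the missing semicolon: `if (!(/^\w+$/).test(decoderDoctorReportId)) { return; }` (`i` is redundant with `\w`). `test()` also stringifies its argument, so a missing ID becomes the string "undefined" and passes; a `typeof decoderDoctorReportId !== "string"` guard before the regex would reject that case. `\w` admits `_`, while the note added in DecoderDoctorDiagnostics.cpp says alphanumeric only, so the two should be made to agree. The enclosing handler starts and ends outside the hunk, so how the ID is consumed afterwards is not visible here.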
--- a/dom/media/DecoderDoctorDiagnostics.cpp
+++ b/dom/media/DecoderDoctorDiagnostics.cpp
@@ -242,16 +242,17 @@ DecoderDoctorDocumentWatcher::EnsureTime
     if (NS_WARN_IF(NS_FAILED(
           mTimer->InitWithCallback(
             this, sAnalysisPeriod_ms, nsITimer::TYPE_ONE_SHOT)))) {
       mTimer = nullptr;
     }
   }
 }
 
+// Note: ReportStringIds are limited to alphanumeric only.
 static const NotificationAndReportStringId sMediaWidevineNoWMF=
   { dom::DecoderDoctorNotificationType::Platform_decoder_not_found,
     "MediaWidevineNoWMF" };
 static const NotificationAndReportStringId sMediaWMFNeeded =
   { dom::DecoderDoctorNotificationType::Platform_decoder_not_found,
     "MediaWMFNeeded" };
 static const NotificationAndReportStringId sMediaPlatformDecoderNotFound =
   { dom::DecoderDoctorNotificationType::Platform_decoder_not_found,
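Review bot: The added comment above `sMediaWidevineNoWMF` states the constraint but not where it is enforced or what happens when an ID breaks it, and it is stricter than the check that exists. The front-end test added to browser-media.js in this same commit uses `\w+`, which also accepts `_`, and returns early from the handler when the ID fails. I would word it as `// Note: ReportStringIds must contain only [A-Za-z0-9_]; browser-media.js returns early on any ID that fails that check.` so that someone adding an entry knows a non-conforming ID is silently ignored by the front-end. The table of NotificationAndReportStringId entries continues past the end of the hunk.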