Bug 1346720 - Disallow invalid report IDs early on. r=gerald a=gchang
authorFrederik Braun <fbraun+gh@mozilla.com>
Mon, 13 Mar 2017 18:40:45 -0400
changeset 379178 6d07776e1a239872087b28b6710d78597309946b
parent 379177 60a2d0da9096a1132f267d68c47a1facd2ae19a8
child 379179 c5cc62e792d9f0bbd84e380da79102cc3efcfe08
push id1419
push userjlund@mozilla.com
push dateMon, 10 Apr 2017 20:44:07 +0000
treeherdermozilla-release@5e6801b73ef6 [default view] [failures only]
reviewersgerald, gchang
bugs1346720
milestone53.0
Bug 1346720 - Disallow invalid report IDs early on. r=gerald a=gchang MozReview-Commit-ID: GBDnzYh0gPt
browser/base/content/browser-media.js
dom/media/DecoderDoctorDiagnostics.cpp
--- a/browser/base/content/browser-media.js
+++ b/browser/base/content/browser-media.js
@@ -252,16 +252,20 @@ let gDecoderDoctorHandler = {
     //   to store at-issue formats.
     // - 'formats' contains a comma-separated list of formats (or key systems)
     //   that suffer the issue. These are kept in a pref, which the backend
     //   uses to later find when an issue is resolved.
     // - 'isSolved' is true when the notification actually indicates the
     //   resolution of that issue, to be reported as telemetry.
     let {type, isSolved, decoderDoctorReportId, formats} = parsedData;
     type = type.toLowerCase();
+    // Error out early on invalid ReportId
+    if (!(/^\w+$/mi).test(decoderDoctorReportId)) {
+      return
+    }
     let title = gDecoderDoctorHandler.getLabelForNotificationBox(type);
     if (!title) {
       return;
     }
 
     // We keep the list of formats in prefs for the sake of the decoder itself,
     // which reads it to determine when issues get solved for these formats.
     // (Writing prefs from e10s content is now allowed.)
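Review bot: The `m` flag on the new regex weakens the check: with multiline matching, `^` and `$` anchor at line breaks, so a `decoderDoctorReportId` containing a newline passes as long as any one line consists only of word characters. Dropping both flags (`i` is redundant with `\w`) makes the test cover the whole value: `if (!(/^\w+$/).test(decoderDoctorReportId)) {`. `test()` also stringifies its argument, so a missing ID becomes the text "undefined" and passes; a `typeof decoderDoctorReportId != "string"` guard in the same condition would close that. The bare `return` lacks the semicolon used by the other return in this hunk, and the enclosing handler starts and ends outside the hunk.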
--- a/dom/media/DecoderDoctorDiagnostics.cpp
+++ b/dom/media/DecoderDoctorDiagnostics.cpp
@@ -241,16 +241,17 @@ DecoderDoctorDocumentWatcher::EnsureTime
     if (NS_WARN_IF(NS_FAILED(
           mTimer->InitWithCallback(
             this, sAnalysisPeriod_ms, nsITimer::TYPE_ONE_SHOT)))) {
       mTimer = nullptr;
     }
   }
 }
 
+// Note: ReportStringIds are limited to alphanumeric only.
 static const NotificationAndReportStringId sMediaWidevineNoWMF=
   { dom::DecoderDoctorNotificationType::Platform_decoder_not_found,
     "MediaWidevineNoWMF" };
 static const NotificationAndReportStringId sMediaWMFNeeded =
   { dom::DecoderDoctorNotificationType::Platform_decoder_not_found,
     "MediaWMFNeeded" };
 static const NotificationAndReportStringId sMediaPlatformDecoderNotFound =
   { dom::DecoderDoctorNotificationType::Platform_decoder_not_found,
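Review bot: The added comment says "alphanumeric only", but the check this commit adds in browser-media.js uses `\w`, which also accepts underscore, and nothing visible on the C++ side enforces the rule for new entries. I would word it so both ends agree and name the consumer: `// Note: ReportStringIds must match /^\w+$/; browser-media.js drops notifications whose id does not.` The table of ids continues past the end of the hunk, so whether every existing entry satisfies the rule cannot be confirmed from here.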