New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 669625 link

Starred by 4 users
Status: Fixed
Owner:
digit@chromium.org
Last visit > 30 days ago
Closed: Jan 2017
Cc:
m...@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 2
Type: Bug



Sign in to add a comment

Time conversion functions that return bools should have WARN_UNUSED_RESULT

Project Member Reported by m...@chromium.org, Nov 29 2016 
For example: https://cs.chromium.org/chromium/src/base/time/time.h?rcl=0&l=557

There are functions that do things like map calendar fields to a base::Time value. But, these can fail on invalid input. We should ensure all callers of these functions handle the failure case gracefully to avoid allowing bugs (or maybe even security issues) to sneak-in.

Comment 1 by och...@chromium.org, Nov 29 2016

Labels: -Type-Bug-Security Type-Bug
Removing this from the security queue since there's no concrete vulnerability here.

Comment 2 by ratsu...@gmail.com, Dec 2 2016 

Hi

I just found these two static functions (base::Time::FromString and base::Time::FromUTCString) need be tagged as WARN_UNUSED_RESULT.

Are there any missing functions?

Thanks

Comment 3 by thakis@chromium.org, Jan 3 2017

Owner: digit@chromium.org
Status: Started (was: Available)
https://codereview.chromium.org/2605293002/

Comment 4 by thakis@chromium.org, Jan 3 2017 

On that CL: It looks like > 20% of callers of FromString don't care about the result of these functions (the CL just adds ignore_result there). That seems too high for WARN_UNUSED_RESULT; that should only be used if not checking the result of a function is a clear bug. (Else we'd just add it to every function returning a value.)
Project Member

Comment 5 by bugdroid1@chromium.org, Jan 12 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/2c8eed34518aa37ebe2decc78af0694e1826c43b

commit 2c8eed34518aa37ebe2decc78af0694e1826c43b
Author: digit <digit@chromium.org>
Date: Thu Jan 12 20:49:41 2017

Add WARN_UNUSED_RESULT to base::Time methods that return bool.

base::Time::FromString() and base::Time::FromUTCString() might fail
at runtime on bad input. This adds a WARN_UNUSED_RESULT to their
declarations to ensure that all callers properly handle the result.

Apart from unit-tests, this changes two things:

- DataUseTracker::RemoveExpiredEntriesForPref() will also
  remove any entries with an invalid date string.

  This doesn't change the runtime behaviour though, because
  a failure in base::Time::FromUTCString() would keep the
  local |key_date| variable to 0, which would have been
  considered too old anyway.

- VariationsSeedStore::ImportFirstRunJavaSeed() has
  a new failure mode triggered by an invalid response
  date |FIRST_RUN_SEED_IMPORT_FAIL_INVALID_RESPONSE_DATE|

  It looks like the FirstRunResult enum values are only
  used on Android to report UMA metrics, so ensure that
  the new constant is added at the end of the list to
  avoid generating confusing histograms.

- PexeDownloader::didReceiveResponse() still ignores
  invalid HTTP response 'last-modified' header dates.
  As with RemoveExpiredEntriesForPref() this doesn't
  change the runtime behaviour, but it is hard to see
  whether this is desirable or dangerous.

- ConvertRequestValueToFileInfo() still ignores
  invalid date strings, as mentioned by the comment
  above the base::Time::FromString() line.

BUG= 669625 

Review-Url: https://codereview.chromium.org/2605293002
Cr-Commit-Position: refs/heads/master@{#443353}

[modify] https://crrev.com/2c8eed34518aa37ebe2decc78af0694e1826c43b/base/time/time.h
[modify] https://crrev.com/2c8eed34518aa37ebe2decc78af0694e1826c43b/chrome/browser/chromeos/file_system_provider/operations/get_metadata.cc
[modify] https://crrev.com/2c8eed34518aa37ebe2decc78af0694e1826c43b/chrome/browser/chromeos/mobile_config_unittest.cc
[modify] https://crrev.com/2c8eed34518aa37ebe2decc78af0694e1826c43b/components/data_reduction_proxy/core/browser/data_reduction_proxy_compression_stats_unittest.cc
[modify] https://crrev.com/2c8eed34518aa37ebe2decc78af0694e1826c43b/components/metrics/data_use_tracker.cc
[modify] https://crrev.com/2c8eed34518aa37ebe2decc78af0694e1826c43b/components/metrics/data_use_tracker_unittest.cc
[modify] https://crrev.com/2c8eed34518aa37ebe2decc78af0694e1826c43b/components/nacl/browser/pnacl_translation_cache_unittest.cc
[modify] https://crrev.com/2c8eed34518aa37ebe2decc78af0694e1826c43b/components/nacl/renderer/ppb_nacl_private_impl.cc
[modify] https://crrev.com/2c8eed34518aa37ebe2decc78af0694e1826c43b/components/variations/variations_seed_store.cc
[modify] https://crrev.com/2c8eed34518aa37ebe2decc78af0694e1826c43b/content/browser/blob_storage/blob_storage_context_unittest.cc
[modify] https://crrev.com/2c8eed34518aa37ebe2decc78af0694e1826c43b/content/browser/loader/upload_data_stream_builder_unittest.cc
[modify] https://crrev.com/2c8eed34518aa37ebe2decc78af0694e1826c43b/net/http/http_response_headers_unittest.cc

Comment 6 by digit@chromium.org, Jan 13 2017

Status: Fixed (was: Started)
Project Member

Comment 7 by bugdroid1@chromium.org, Jan 20 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/0e2de9dbb7a8507438b24f2a70be000ccb7a8265

commit 0e2de9dbb7a8507438b24f2a70be000ccb7a8265
Author: digit <digit@chromium.org>
Date: Fri Jan 20 14:40:32 2017

histograms.xml: Add missing new value for FirstRunResult.

This is a follow-up to https://codereview.chromium.org/2605293002/
which introduced a new enum value in the Variations.FirstRunResult
historgram to account for seed import failure, in the case of an
invalid response date string.

BUG= 669625 
R=asvitkine@chromium.org

Review-Url: https://codereview.chromium.org/2646743003
Cr-Commit-Position: refs/heads/master@{#445051}

[modify] https://crrev.com/0e2de9dbb7a8507438b24f2a70be000ccb7a8265/tools/metrics/histograms/histograms.xml

Sign in to add a comment