commit 3772b212b97364f3acedc483760dda0c5c1b663c
parent 4fbe4f33027316dca4baeadecca8c2dc5428b18d
Author: Alex Franchuk <afranchuk@mozilla.com>
Date: Fri, 7 Nov 2025 13:54:26 +0000
Bug 1950847 - Fix the PatchIfTargetIsRecognizedTrampoline path to not race with the new function r=win-reviewers,yjuglaret
Differential Revision: https://phabricator.services.mozilla.com/D270721
Diffstat:
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/toolkit/xre/dllservices/mozglue/interceptor/PatcherDetour.h b/toolkit/xre/dllservices/mozglue/interceptor/PatcherDetour.h
@@ -825,19 +825,24 @@ class WindowsDllDetourPatcher final
return false;
}
+ // Set aOutTramp now so that the new target won't race if accessing this
+ // value. Bug 1838286 did not fix this path, resulting in bug 1950847.
+ *aOutTramp = reinterpret_cast<void*>(originalTarget);
+
// Write the new JMP target address.
target.WritePointer(aDest);
if (!target.Commit()) {
+ *aOutTramp = nullptr;
return false;
}
// Store the old target address so we can restore it when we're cleared
aTramp.WritePointer(originalTarget);
if (!aTramp) {
+ *aOutTramp = nullptr;
return false;
}
- *aOutTramp = reinterpret_cast<void*>(originalTarget);
return true;
}
#endif // defined(_M_X64)
