Closed
Bug 1312248
Opened 8 years ago
Closed 7 years ago
Crash in HTTP while fuzzing
Categories
(Core :: Networking: HTTP, defect)
RESOLVED
INCOMPLETE
People
(Reporter: rforbes, Assigned: dragana)
Details
(Whiteboard: [necko-active])
Attachments
(2 files)
I am not as familiar with fuzzing http but while doing it I got this crash.

==9603==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000004e0f4e bp 0x7f1fc3645090 sp 0x7f1fc3645080 T2)
###!!! [Child][MessageChannel] Error: (msgtype=0x420003,name=PCompositable::Msg_Destroy) Channel error: cannot send/recv
###!!! [Child][MessageChannel] Error: (msgtype=0x420003,name=PCompositable::Msg_Destroy) Channel error: cannot send/recv
    #0 0x4e0f4d (/home/rforbes/fuzzing/browser/firefox/firefox+0x4e0f4d)
    #1 0x7f1fc67a2255 (/home/rforbes/fuzzing/browser/firefox/libxul.so+0x1dda255)
    #2 0x7f1fc67a1ffc (/home/rforbes/fuzzing/browser/firefox/libxul.so+0x1dd9ffc)
    #3 0x7f1fc767b85f (/home/rforbes/fuzzing/browser/firefox/libxul.so+0x2cb385f)
    #4 0x7f1fc7680873 (/home/rforbes/fuzzing/browser/firefox/libxul.so+0x2cb8873)
    #5 0x7f1fc7639b9b (/home/rforbes/fuzzing/browser/firefox/libxul.so+0x2c71b9b)
    #6 0x7f1fc75fb961 (/home/rforbes/fuzzing/browser/firefox/libxul.so+0x2c33961)
    #7 0x7f1fc75f5dc8 (/home/rforbes/fuzzing/browser/firefox/libxul.so+0x2c2ddc8)
    #8 0x7f1fc7613931 (/home/rforbes/fuzzing/browser/firefox/libxul.so+0x2c4b931)
    #9 0x7f1fc761448c (/home/rforbes/fuzzing/browser/firefox/libxul.so+0x2c4c48c)
    #10 0x7f1fe2de86f9 (/lib/x86_64-linux-gnu/libpthread.so.0+0x76f9)
    #11 0x7f1fe1e71b5c (/lib/x86_64-linux-gnu/libc.so.6+0x106b5c)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/home/rforbes/fuzzing/browser/firefox/firefox+0x4e0f4d)
Thread T2 (Chrome_ChildThr) created by T0 (Web Content) here:
    #0 0x49a839 (/home/rforbes/fuzzing/browser/firefox/firefox+0x49a839)
    #1 0x7f1fc761354b (/home/rforbes/fuzzing/browser/firefox/libxul.so+0x2c4b54b)
    #2 0x7f1fc7682947 (/home/rforbes/fuzzing/browser/firefox/libxul.so+0x2cba947)
    #3 0x7f1fcf1ee757 (/home/rforbes/fuzzing/browser/firefox/libxul.so+0xa826757)
    #4 0x4dfb2b (/home/rforbes/fuzzing/browser/firefox/firefox+0x4dfb2b)
    #5 0x7f1fe1d8b82f (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
==9603==ABORTING
Reporter
Comment 1•8 years ago
Reporter
Comment 2•8 years ago
I have the response from the server that crashed Firefox. Please contact me for it as it is too big to put on Bugzilla. Also, most likely not a security bug, but marking it as such for now and CCing jduell.
Group: network-core-security
Flags: needinfo?(jduell.mcbugs)
Updated•8 years ago
Flags: needinfo?(jduell.mcbugs)
Comment 3•8 years ago
Either Dragana or Daniel should take this, hopefully (email Raymond and get the HTTP response from him).
Flags: needinfo?(dd.mozilla)
Updated•8 years ago
Flags: needinfo?(daniel)
Assignee
Comment 4•8 years ago
Is this reproducible?
Flags: needinfo?(dd.mozilla)
Flags: needinfo?(daniel)
Assignee
Updated•8 years ago
Flags: needinfo?(rforbes)
Comment 5•8 years ago
Please add the decoded stack to the bug - every time :)
Updated•8 years ago
Assignee: nobody → dd.mozilla
Whiteboard: [necko-active]
Assignee
Comment 7•8 years ago
Any update here?
Reporter
Comment 8•8 years ago
The response was too big to attach to Bugzilla. Is there a different method I can get it to you? (i.e. Dropbox)
Flags: needinfo?(rforbes)
Assignee
Comment 9•8 years ago
(In reply to Raymond Forbes[:rforbes] from comment #8)
> The response was too big to attach to Bugzilla. Is there a different method
> I can get it to you? (i.e. Dropbox)

You can send it via e-mail. Gzip it first, or, if you have a Mozilla address, you can use Google Drive.
Assignee
Comment 10•8 years ago
Can you add a decoded stack? Can you reproduce this and make an HTTP log?
Flags: needinfo?(rforbes)
Assignee
Comment 11•7 years ago
Any news?
Assignee
Comment 12•7 years ago
Please add the decoded stack to the bug. I cannot do anything here.
Assignee
Updated•7 years ago
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → INCOMPLETE
Updated•5 years ago
Flags: needinfo?(rforbes)