Closed
Bug 757023
Opened 12 years ago
Closed 12 years ago
Heap-use-after-free in XPCNativeScriptableInfo::Mark()
Categories
(Core :: XPConnect, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 752340
People
(Reporter: ax330d, Assigned: mccr8)
Details
(Keywords: crash, sec-other, testcase, Whiteboard: [asan][sg:dupe 752340])
Attachments
(3 files)
ASan reported heap-use-after-free, log is attached. Unfortunately no test-case at the moment. Version where bug was found: http://hg.mozilla.org/mozilla-central/rev/95437bcc43dc
|
||
Comment 1•12 years ago
|
||
Don't know how far we'll get without a testcase, but maybe bholley can spot something from the trace.
Component: Untriaged → XPConnect
Keywords: crash,
testcase-wanted
Product: Firefox → Core
QA Contact: untriaged → xpconnect
Whiteboard: [asan]
|
||
Comment 2•12 years ago
|
||
Maybe this is bug 751454? Fix just landed.
|
Reporter | |
Comment 3•12 years ago
|
||
I still see this bug on http://hg.mozilla.org/mozilla-central/rev/cff5b4470690
|
|
Reporter | |
Comment 4•12 years ago
|
||
The bug is still on cf4face65451, but I am working on test-case - will provide it in a day or two.
|
|
Reporter | |
Comment 5•12 years ago
|
||
It is not that reliable - sometimes one have to wait for ~15 seconds until it crashes.
|
||
Comment 6•12 years ago
|
||
Confirmed this using today's daily m-c asan build ( https://ftp.mozilla.org/pub/mozilla.org/firefox/try-builds/choller@mozilla.com-2debc330caa1/try-linux64/ ).
Status: UNCONFIRMED → NEW
Ever confirmed: true
|
Assignee | |
Updated•12 years ago
|
|
|
Assignee | |
Comment 7•12 years ago
|
||
This looks like another variant of bug 752340. With the assertion from that bug, this test case hits it immediately. With the assertion and the fix in place, it doesn't seem to crash, even after a minute or so.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
|
|
||
Updated•12 years ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•