Closed
Bug 1022509
Opened 10 years ago
Closed 10 years ago
ASAN failure and memory trashing from GC changes (especially dom/src/offline/crashtests/408431-1.html)
Categories
(Core :: JavaScript: GC, defect)
Core
JavaScript: GC
Tracking
()
RESOLVED
WORKSFORME
Tracking | Status | |
---|---|---|
firefox31 | --- | unaffected |
firefox32 | --- | fixed |
firefox33 | + | fixed |
People
(Reporter: jesup, Assigned: billm)
References
Details
(4 keywords)
+++ This bug was initially created as a clone of Bug #1017150 +++ Bug 1017150 or bug 1016738 appears to be the cause of the across-the-tree failures with memory trashing we're seeing, and especially ASAN and other failures in bug 1019934, bug 1018372, bug 1019533, bug 1022235 and others. https://tbpl.mozilla.org/?tree=Mozilla-Inbound&jobname=Ubuntu%20ASAN%20VM%2012.04%20x64%20mozilla-inbound%20opt%20test%20crashtest&fromchange=e808372ebbd4&tochange=313dee1cd228 and from the original landing: https://tbpl.mozilla.org/?rev=93c5b9181c84&tree=Mozilla-Inbound vs previous push: https://tbpl.mozilla.org/?rev=8105691cc616&tree=Mozilla-Inbound
Comment 1•10 years ago
|
||
Bill, I've just tried to back those two bugs out, but it doesn't apply cleanly - please can you do the backout? I'd prefer us to back this out and investigate after please :-)
Flags: needinfo?(wmccloskey)
Updated•10 years ago
|
Keywords: csectype-uaf,
sec-critical
Updated•10 years ago
|
Comment 2•10 years ago
|
||
While I don't fully understand the GC changes above, I suspect that the PeerConnection objects are being hit with this more than other places in the tree because of the rare combination of being JS-rooted and being kept alive by non-JS references (e.g., network resources) for a potentially significant period of time (think multiple seconds) after the page that created the PeerConnection is gone.
Updated•10 years ago
|
status-firefox33:
--- → affected
tracking-firefox33:
--- → +
Comment 3•10 years ago
|
||
Fixed by backout of bug 1016738.
Assignee: nobody → wmccloskey
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → WORKSFORME
Updated•10 years ago
|
Flags: needinfo?(wmccloskey)
Updated•10 years ago
|
tracking-firefox32:
? → ---
Comment 4•10 years ago
|
||
This is back again. See the two bugs depending on this one I just reopened.
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
Updated•10 years ago
|
Status: REOPENED → RESOLVED
Closed: 10 years ago → 10 years ago
Resolution: --- → WORKSFORME
Updated•10 years ago
|
Group: core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•