Closed
Bug 1239728
Opened 8 years ago
Closed 8 years ago
segv at unknown address below SetPixel
Categories
(Core :: Graphics: ImageLib, defect)
Core
Graphics: ImageLib
Tracking
()
RESOLVED
DUPLICATE
of bug 1238551
| Tracking | Status | |
|---|---|---|
| firefox46 | --- | affected |
People
(Reporter: aki.helin, Unassigned)
Details
Attachments
(1 file)
|
64 bytes,
image/png
|
Details |
setpixel.bmp
Recent asan tinderbox builds report the following error when the attached image is opened in Firefox. The address moved when the repro was modified, so this doesn't seem to be a typical usually harmless null + fixed offset.
==19767==ERROR: AddressSanitizer: SEGV on unknown address 0x00000004ab00 (pc 0x7f605796ccb4 sp 0x7f603afb0180 bp 0x7f603afb02b0 T19)
#0 0x7f605796ccb3 in SetPixel /builds/slave/m-aurora-l64-asan-000000000000/build/src/image/decoders/nsBMPDecoder.cpp:136
#1 0x7f605796ccb3 in FinishInternal /builds/slave/m-aurora-l64-asan-000000000000/build/src/image/decoders/nsBMPDecoder.cpp:239
#2 0x7f605791cbb0 in CompleteDecode /builds/slave/m-aurora-l64-asan-000000000000/build/src/image/Decoder.cpp:196
#3 0x7f605791b8d8 in Decode /builds/slave/m-aurora-l64-asan-000000000000/build/src/image/Decoder.cpp:122
#4 0x7f605791b242 in Decode /builds/slave/m-aurora-l64-asan-000000000000/build/src/image/DecodePool.cpp:455
#5 0x7f605793967c in Run /builds/slave/m-aurora-l64-asan-000000000000/build/src/image/DecodePool.cpp:281
#6 0x7f605586c964 in ProcessNextEvent /builds/slave/m-aurora-l64-asan-000000000000/build/src/xpcom/threads/nsThread.cpp:964
#7 0x7f60558e5e3a in NS_ProcessNextEvent /builds/slave/m-aurora-l64-asan-000000000000/build/src/xpcom/glue/nsThreadUtils.cpp:297
#8 0x7f60561f739f in Run /builds/slave/m-aurora-l64-asan-000000000000/build/src/ipc/glue/MessagePump.cpp:326
#9 0x7f60561646cc in RunInternal /builds/slave/m-aurora-l64-asan-000000000000/build/src/ipc/chromium/src/base/message_loop.cc:234
#10 0x7f60561646cc in RunHandler /builds/slave/m-aurora-l64-asan-000000000000/build/src/ipc/chromium/src/base/message_loop.cc:227
#11 0x7f60561646cc in Run /builds/slave/m-aurora-l64-asan-000000000000/build/src/ipc/chromium/src/base/message_loop.cc:201
#12 0x7f60558685af in ThreadFunc /builds/slave/m-aurora-l64-asan-000000000000/build/src/xpcom/threads/nsThread.cpp:376
#13 0x7f60630714b5 in _pt_root /builds/slave/m-aurora-l64-asan-000000000000/build/src/nsprpub/pr/src/pthreads/ptthread.c:212
#14 0x7f60636b0181 in start_thread /build/buildd/eglibc-2.19/nptl/pthread_create.c:312 (discriminator 2)
#15 0x7f605325447c in clone /build/buildd/eglibc-2.19/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:111
|
||
Comment 1•8 years ago
|
||
This appears to be a duplicate.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
|
||
Comment 2•8 years ago
|
||
Aki: could you verify whether this looks fixed to you, or if you want us to reopen it?
Flags: needinfo?(aki.helin)
|
|
||
Updated•8 years ago
|
Group: core-security → core-security-release
|
|
||
Updated•6 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•