Closed
Bug 1239728
Opened 8 years ago
Closed 8 years ago
segv at unknown address below SetPixel
Categories
(Core :: Graphics: ImageLib, defect)
RESOLVED DUPLICATE of bug 1238551
| | Tracking | Status |
|---|---|---|
| firefox46 | --- | affected |
People
(Reporter: aki.helin, Unassigned)
Attachments (1 file): 64 bytes, image/png
Recent ASan tinderbox builds report the following error when the attached image is opened in Firefox. The address moved when the repro was modified, so this doesn't seem to be a typical, usually harmless null + fixed offset.

==19767==ERROR: AddressSanitizer: SEGV on unknown address 0x00000004ab00 (pc 0x7f605796ccb4 sp 0x7f603afb0180 bp 0x7f603afb02b0 T19)

    #0 0x7f605796ccb3 in SetPixel /builds/slave/m-aurora-l64-asan-000000000000/build/src/image/decoders/nsBMPDecoder.cpp:136
    #1 0x7f605796ccb3 in FinishInternal /builds/slave/m-aurora-l64-asan-000000000000/build/src/image/decoders/nsBMPDecoder.cpp:239
    #2 0x7f605791cbb0 in CompleteDecode /builds/slave/m-aurora-l64-asan-000000000000/build/src/image/Decoder.cpp:196
    #3 0x7f605791b8d8 in Decode /builds/slave/m-aurora-l64-asan-000000000000/build/src/image/Decoder.cpp:122
    #4 0x7f605791b242 in Decode /builds/slave/m-aurora-l64-asan-000000000000/build/src/image/DecodePool.cpp:455
    #5 0x7f605793967c in Run /builds/slave/m-aurora-l64-asan-000000000000/build/src/image/DecodePool.cpp:281
    #6 0x7f605586c964 in ProcessNextEvent /builds/slave/m-aurora-l64-asan-000000000000/build/src/xpcom/threads/nsThread.cpp:964
    #7 0x7f60558e5e3a in NS_ProcessNextEvent /builds/slave/m-aurora-l64-asan-000000000000/build/src/xpcom/glue/nsThreadUtils.cpp:297
    #8 0x7f60561f739f in Run /builds/slave/m-aurora-l64-asan-000000000000/build/src/ipc/glue/MessagePump.cpp:326
    #9 0x7f60561646cc in RunInternal /builds/slave/m-aurora-l64-asan-000000000000/build/src/ipc/chromium/src/base/message_loop.cc:234
    #10 0x7f60561646cc in RunHandler /builds/slave/m-aurora-l64-asan-000000000000/build/src/ipc/chromium/src/base/message_loop.cc:227
    #11 0x7f60561646cc in Run /builds/slave/m-aurora-l64-asan-000000000000/build/src/ipc/chromium/src/base/message_loop.cc:201
    #12 0x7f60558685af in ThreadFunc /builds/slave/m-aurora-l64-asan-000000000000/build/src/xpcom/threads/nsThread.cpp:376
    #13 0x7f60630714b5 in _pt_root /builds/slave/m-aurora-l64-asan-000000000000/build/src/nsprpub/pr/src/pthreads/ptthread.c:212
    #14 0x7f60636b0181 in start_thread /build/buildd/eglibc-2.19/nptl/pthread_create.c:312 (discriminator 2)
    #15 0x7f605325447c in clone /build/buildd/eglibc-2.19/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Comment 1•8 years ago
This appears to be a duplicate.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
Comment 2•8 years ago
Aki: could you verify whether this looks fixed to you, or if you want us to reopen it?
Flags: needinfo?(aki.helin)
Updated•8 years ago
Group: core-security → core-security-release
Updated•6 years ago
Group: core-security-release