This was found while fuzzing graphite2 1.3.5 (and is in 1.3.4) This is likely sec-critical.
Tracking since this likely affects all channels including esr38 and it's sec-critical.
status-firefox45: --- → affected
status-firefox46: --- → affected
status-firefox47: --- → affected
status-firefox-esr38: --- → affected
tracking-firefox45: --- → +
tracking-firefox46: --- → +
tracking-firefox47: --- → +
tracking-firefox-esr38: --- → ?
There's a patch in bug 1243843 (awaiting testing) that may well fix this.
fixed upstream in a8b3ac2aed0eb132cd80efe7de88f8153e73c829
Does that mean we can close this bug? Tyson can you or someone else verify this is fixed?
(In reply to Liz Henry (:lizzard) (needinfo? me) from comment #8) > Does that mean we can close this bug? Tyson can you or someone else verify > this is fixed? I believe so based on Martin's comment, but would appreciate having it verified on our latest builds.
This crash is still reproducible with the latest fixes (e569e28d83491fedb31b9220493f3c07f6ec6d80)
Martin, can you look into this again, please?
I have a potential fix, needs review internally. Should be fixed in 24hrs. This bug would be hard to make anything of.
This and all friends fixed upstream. Sorry, I forgot to do asan testing last time around :( This time they all run asan clean on 64bit.
Fixed upstream in 703cbd0c5bd23f39ff24d5d2a525b18658cdb59a
Verified with graphite revision c8450dbaa160be5c939d9abb5cfe01284e22b45f
Status: NEW → RESOLVED
Last Resolved: 3 years ago
status-firefox45: affected → fixed
status-firefox46: affected → fixed
status-firefox47: affected → fixed
status-firefox-esr38: affected → fixed
Depends on: 1252311
Resolution: --- → FIXED
tracking-firefox-esr38: ? → 45+
You need to log in before you can comment on or make changes to this bug.