Closed Bug 1258079 Opened 4 years ago Closed 3 years ago
_media Decoding .html | application crashed [@ mozilla::Off The Books Mutex::Lock]
7.05 KB, text/plain
960 bytes, patch
|Details | Diff | Splinter Review|
Possibly a dup
Component: Web Audio → Audio/Video: MediaStreamGraph
Priority: -- → P1
Fwiw, I got this while running crashtests on Try.
Matt - that's a totally different bug; it's deadlocking in ObservedDocShell::ClearMarkers(), locking mOffTheMainThreadTimelineMarkers. Please file a bug in that component
Flags: needinfo?(rjesup) → needinfo?(mats)
Filed bug 1278588.
Closing since this has an e5e5 signature (UAF)
Attachment #8760912 - Flags: review?(padenot)
Attachment #8760912 - Flags: review?(padenot) → review+
Comment on attachment 8760912 [details] [diff] [review] hold a ref to the GraphDriver during initialization [Security approval request comment] How easily could an exploit be constructed based on the patch? Tough. Very timing-related; seen once in automation. Perhaps not impossible though. Do comments in the patch, the check-in comment, or tests included in the patch paint a bulls-eye on the security problem? Not beyond typical "made something a refptr on a sec bug" Which older supported branches are affected by this flaw? all If not all supported branches, which bug introduced the flaw? 34 Do you have backports for the affected branches? If not, how different, hard to create, and risky will they be? Trivial, safe How likely is this patch to cause regressions; how much testing does it need? most likely regression would be a leak (and not very likely). Green try.
This has sec-approval+ for checkin into trunk on June 21. After that we will want branch patches made and nominated for affected branches.
Attachment #8760912 - Flags: sec-approval? → sec-approval+
Hi Al, should I consider including this as a ride-along in a 47 dot release? So far there are no dot release drivers but we might end up doing a dot release the week of 6/20 for the Selenium WebDriver issue.
Ritu, this is a one line change so it would probably be ok for ride along.
Whiteboard: [checkin on 6/11] → [checkin on 6/21]
(In reply to Al Billings [:abillings] from comment #11) > Ritu, this is a one line change so it would probably be ok for ride along. Ok. Thanks Al! Let me include it in my list of 47 ride-alongs.
If we are going to include this in a 47 dot release, do we also need to do an esr dot release? Or can this wait until 47.4.0esr?
Hi Paul, both Jesup and Maire are on PTO until July 5th. Is this something that is safe enough to be included in a 47 dot release? I am considering taking this one as a ride-along. Please let me know.
For sure, yes.
Whiteboard: [checkin on 6/21]
Comment on attachment 8760912 [details] [diff] [review] hold a ref to the GraphDriver during initialization Let's take it on all branches! Should be in 48 beta 3 and 45.3.0!
Attachment #8760912 - Flags: approval-mozilla-esr45?
Attachment #8760912 - Flags: approval-mozilla-esr45+
Attachment #8760912 - Flags: approval-mozilla-beta?
Attachment #8760912 - Flags: approval-mozilla-beta+
Attachment #8760912 - Flags: approval-mozilla-aurora?
Attachment #8760912 - Flags: approval-mozilla-aurora+
Whiteboard: [post-critsmash-triage] → [post-critsmash-triage][adv-main48+][adv-esr45.3+]
You need to log in before you can comment on or make changes to this bug.