Closed
Bug 1274579
Opened 9 years ago
Closed 8 years ago
"ASSERTION: aPos out of range" and heap-buffer-overflow with writing-mode, adjacent whitespace text nodes
Categories
(Core :: Graphics: Text, defect)
Core
Graphics: Text
Tracking
()
RESOLVED
DUPLICATE
of bug 1275059
Tracking | Status | |
---|---|---|
firefox49 | --- | affected |
People
(Reporter: jruderman, Unassigned)
References
Details
(5 keywords)
Attachments
(3 files)
Debug:
> ###!!! ASSERTION: aPos out of range: 'aPos < GetLength()', file gfxTextRun.h, line 117
ASan:
> AddressSanitizer: heap-buffer-overflow [@ nsTextFrame::AddInlineMinISizeForFlow] with READ of size 4
Reporter | ||
Comment 1•9 years ago
|
||
Reporter | ||
Comment 2•9 years ago
|
||
Updated•8 years ago
|
Keywords: csectype-bounds,
sec-high
Comment 4•8 years ago
|
||
I think this is a dupe of a bug that Xidorn fixed recently; will try to confirm shortly. Leaving ni? for now, till I track that down...
Flags: needinfo?(jfkthame)
Updated•8 years ago
|
Flags: needinfo?(jfkthame)
Updated•8 years ago
|
Status: NEW → RESOLVED
Closed: 8 years ago
Flags: needinfo?(jfkthame)
Resolution: --- → DUPLICATE
Updated•6 years ago
|
Group: gfx-core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•