Closed Bug 1290314 Opened 3 years ago Closed 3 years ago

Use-after-free in mozilla::DataChannelConnection::SctpDtlsOutput

Categories

(Core :: WebRTC: Networking, defect, P1, critical)

x86
Windows 7
defect

Tracking

()

RESOLVED DUPLICATE of bug 1294095
Tracking Status
firefox48 --- unaffected
firefox49 --- affected
firefox50 --- affected

People

(Reporter: mccr8, Assigned: jesup)

Details

(Keywords: crash, csectype-uaf, sec-high)

Crash Data

This bug was filed from the Socorro interface and is 
report bp-5fa0f5b1-4aef-4249-8492-c53052160725.
=============================================================

This is not a super common crash, but it looks like it is mostly happening on the jemalloc poison value, indicating a use-after-free.
I only see this on 49 and 50, so perhaps it is a regression.
This smells to like a regression caused by landing bug 1240209 in 49.
Assignee: nobody → rjesup
Rank: 10
Keywords: sec-high
Priority: -- → P1
Keywords: csectype-uaf
Group: core-security → media-core-security
No reports for any build after this landed (8/26 or so Trunk; 8/25ish Aurora 50, 49b7 or b8).  Appears to be a dup of bug 1294095 (and makes sense)
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1294095
Group: media-core-security
You need to log in before you can comment on or make changes to this bug.