Closed
Bug 1290314
Opened 3 years ago
Closed 3 years ago
Use-after-free in mozilla::DataChannelConnection::SctpDtlsOutput
Categories
(Core :: WebRTC: Networking, defect, P1, critical)
Tracking
()
RESOLVED
DUPLICATE
of bug 1294095
| Tracking | Status | |
|---|---|---|
| firefox48 | --- | unaffected |
| firefox49 | --- | affected |
| firefox50 | --- | affected |
People
(Reporter: mccr8, Assigned: jesup)
Details
(Keywords: crash, csectype-uaf, sec-high)
Crash Data
This bug was filed from the Socorro interface and is report bp-5fa0f5b1-4aef-4249-8492-c53052160725. ============================================================= This is not a super common crash, but it looks like it is mostly happening on the jemalloc poison value, indicating a use-after-free.
|
Reporter | |
Comment 1•3 years ago
|
||
I only see this on 49 and 50, so perhaps it is a regression.
status-firefox48:
--- → unaffected
status-firefox49:
--- → affected
|
||
Comment 2•3 years ago
|
||
This smells to like a regression caused by landing bug 1240209 in 49.
|
Assignee | |
Updated•3 years ago
|
|
|
Reporter | |
Updated•3 years ago
|
Keywords: csectype-uaf
|
||
Updated•3 years ago
|
Group: core-security → media-core-security
|
|
Assignee | |
Comment 3•3 years ago
|
||
No reports for any build after this landed (8/26 or so Trunk; 8/25ish Aurora 50, 49b7 or b8). Appears to be a dup of bug 1294095 (and makes sense)
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1294095
|
|
||
Updated•2 years ago
|
Group: media-core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•