Closed Bug 1368315 Opened 3 years ago Closed 3 years ago

Crash in mozilla::layers::APZCTreeManager::ReceiveInputEvent

Categories

(Core :: Panning and Zooming, defect, P2, critical)

55 Branch
x86
Windows 10
defect

Tracking


RESOLVED FIXED
mozilla55
Tracking Status
firefox-esr52 --- unaffected
firefox53 --- unaffected
firefox54 --- unaffected
firefox55 --- fixed

People

(Reporter: calixte, Assigned: botond)

References

(Blocks 1 open bug)

Details

(Keywords: crash, regression, Whiteboard: [gfx-noted][clouseau])

Crash Data

Attachments

(1 file)

This bug was filed from the Socorro interface and is report bp-c5855478-1dc9-4d8a-b0c6-3e4430170527.
=============================================================

There is 1 crash in nightly 55 with buildid 20170526030203. In analyzing the backtrace, the regression may have been introduced by patch [1] to fix bug 1352863.

[1] https://hg.mozilla.org/mozilla-central/rev?node=f3a6eadd0a977a588b5076ece395e1e2f2929167
Flags: needinfo?(botond)
Thanks. This is actually a regression from bug 1349750, which introduced this code (bug 1352863 just moved it around a bit).

The problem is that we're calling ConfirmDragBlock() and then dragBlock->SetContentResponse(), but ConfirmDragBlock() can potentially process and consume the block. We need to call SetContentResponse() first.

Patch coming up.
Assignee: nobody → botond
Flags: needinfo?(botond)
Blocks: 1349750
No longer blocks: 1352863
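The ordering problem described in the comment above, as an added C++ model that is not Gecko's code: `BlockQueue`, `AddDragBlock`, `Owns` and the processing rule are assumptions, and the queue checks ownership so a stale pointer is reported rather than dereferenced.

```cpp
#include <algorithm>
#include <memory>
#include <vector>

// Hypothetical model of an input block; not Gecko's DragBlockState.
struct DragBlock {
  bool mConfirmed = false;
  bool mHasContentResponse = false;
};

class BlockQueue {
 public:
  DragBlock* AddDragBlock() {
    mBlocks.push_back(std::make_unique<DragBlock>());
    return mBlocks.back().get();
  }
  // Confirming a block may also process it. Processing removes the block
  // from the queue, which destroys it: the "consume" step from the report.
  void ConfirmDragBlock(DragBlock* aBlock) {
    aBlock->mConfirmed = true;
    while (!mBlocks.empty() && mBlocks.front()->mConfirmed) {
      mBlocks.erase(mBlocks.begin());  // unique_ptr frees the block here
    }
  }
  // Returns false when aBlock is no longer owned by the queue, i.e. the
  // caller holds a dangling pointer. A real build would touch freed memory.
  bool SetContentResponse(DragBlock* aBlock) {
    if (!Owns(aBlock)) return false;
    aBlock->mHasContentResponse = true;
    return true;
  }
 private:
  bool Owns(const DragBlock* aBlock) const {
    return std::any_of(mBlocks.begin(), mBlocks.end(),
      [aBlock](const std::unique_ptr<DragBlock>& b) { return b.get() == aBlock; });
  }
  std::vector<std::unique_ptr<DragBlock>> mBlocks;
};

// Order before the fix: confirm first, then record the content response.
bool BuggyOrder() {
  BlockQueue queue;
  DragBlock* block = queue.AddDragBlock();
  queue.ConfirmDragBlock(block);           // may consume and destroy block
  return queue.SetContentResponse(block);  // stale pointer: returns false
}

// Order after the fix: record the content response while the block is alive.
bool FixedOrder() {
  BlockQueue queue;
  DragBlock* block = queue.AddDragBlock();
  bool ok = queue.SetContentResponse(block);  // block still owned: true
  queue.ConfirmDragBlock(block);              // safe to consume afterwards
  return ok;
}
```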
Comment on attachment 8872372 [details]
Bug 1368315 - Avoid calling SetContentResponse() on an already-consumed drag block.

https://reviewboard.mozilla.org/r/143860/#review147608
Attachment #8872372 - Flags: review?(bugmail) → review+
Priority: -- → P2
Whiteboard: [clouseau] → [gfx-noted][clouseau]
Some crash addresses indicate a UAF, so marking it as security-sensitive.
Group: core-security
https://hg.mozilla.org/mozilla-central/rev/c516c8e50993
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla55
Group: core-security → core-security-release
Group: core-security-release