Closed
Bug 1382851
Opened 7 years ago
Closed 7 years ago
Invalid read @ libGLESv2.dll!rx::Image11::disassociateStorage()
Categories
(Core :: Graphics: CanvasWebGL, defect, P2)
Tracking
RESOLVED
FIXED
mozilla58
People
(Reporter: bc, Unassigned)
Details
(5 keywords, Whiteboard: [gfx-noted][fixed by bug 1371190][adv-main58+][post-critsmash-triage])
Crash Data
+++ This bug was initially created as a clone of Bug #1328762 +++
from bug 1328762 comment 45
attachment 8888403 [details]
crash report + log
During a retest of urls which have crashed in Bughunter since July 1, this crash was reproduced on Windows 7 32bit with build rv:56.0 20170719173022 on url:
https://sketchfab.com/models/67b90d3c88e244dc90917f46ef7ff9c5
exploitable rated this as high which fits with Crash address: 0xffffffffe5e5e621 and eax = 0xe5e5e5e5.
I would say this is the same as the original crash and this *isn't* fixed.
I've completed the retest for Windows 32bit builds and this was the only example of this crash I found so it is not very reproducible. I do not know on which branch this first appeared.
Note I do see a number of other crashes on sketchfab with stacks similar to ucrtbase.dll ucrtbase.dll ucrtbase.dll ucrtbase.dll rx::Image11::createStagingTexture in case that is interesting. I can provide more details if you need them.
Updated•7 years ago
Group: core-security → gfx-core-security
Updated•7 years ago
Flags: needinfo?(jgilbert)
Keywords: csectype-nullptr
Updated•7 years ago
status-firefox56:
--- → affected
We may need a full ANGLE update (in the works) for this then.
Comment 2•7 years ago
Milan, is there a bug we can hook up here for the angle update?
Flags: needinfo?(milan)
Updated•7 years ago
status-firefox57:
--- → ?
(In reply to Jim Mathies [:jimm] from comment #2)
> Milan, is there a bug we can hook up here for the angle update?
Bug 1371190. Not sure if we should set the dependency?
Flags: needinfo?(milan)
Updated•7 years ago
tracking-firefox57:
--- → +
Updated•7 years ago
status-firefox55:
--- → wontfix
tracking-firefox56:
--- → -
We don't want to land an ANGLE update in 57, stability being what it needs to be, so this will await 58.
Flags: needinfo?(jgilbert)
Comment 5•7 years ago
-> sec-high given the signature. We'll want to track for 58, and it would be best if we're ready to land at the start of 58 (unless security wants us to wait -- but an entire angle update isn't disclosing much, especially if landed on a bug of "Update Angle to X.Y").
Keywords: sec-critical → sec-high
Comment 6•7 years ago
Hey Jeff, I noticed the ANGLE update in bug 1371190 is waiting for your review and we want this early in the 58 cycle.
Can you help us move this along?
(Commenting in this separate security bug, so we don't draw extra attention in the bug)
Flags: needinfo?(jgilbert)
Comment 7•7 years ago
(In reply to Frederik Braun [:freddyb] from comment #6)
> Hey Jeff, I noticed the ANGLE update in bug 1371190 is waiting for your
> review and we want this early in the 58 cycle.
> Can you help us move this along?
>
> (Commenting in this separate security bug, so we don't draw extra attention
> in the bug)
It is moving.
Flags: needinfo?(jgilbert)
Updated•7 years ago
Priority: -- → P2
Whiteboard: [gfx-noted]
Reporter
Comment 8•7 years ago
fwiw, I retested a number of urls where this reproduced. I do not see this on Nightly/58 but do on Beta/57 where the angle update hasn't happened. I think we can call this fixed by bug 1371190.
Updated•7 years ago
Status: NEW → RESOLVED
Closed: 7 years ago
status-firefox58:
--- → fixed
status-firefox-esr52:
--- → ?
Resolution: --- → FIXED
Whiteboard: [gfx-noted] → [gfx-noted][fixed by bug 1371190]
Target Milestone: --- → mozilla58
Updated•7 years ago
Group: gfx-core-security → core-security-release
Updated•7 years ago
Whiteboard: [gfx-noted][fixed by bug 1371190] → [gfx-noted][fixed by bug 1371190][adv-main58+]
Updated•7 years ago
Flags: qe-verify-
Whiteboard: [gfx-noted][fixed by bug 1371190][adv-main58+] → [gfx-noted][fixed by bug 1371190][adv-main58+][post-critsmash-triage]
Updated•6 years ago
Group: core-security-release