Closed
Bug 1387531
Opened 7 years ago
Closed 7 years ago
stylo: AddressSanitizer: SEGV on unknown address 0x000000001460 | AddressSanitizer: heap-use-after-free on address 0x61a000a6f2a8
Categories
(Core :: CSS Parsing and Computation, defect, P1)
Core
CSS Parsing and Computation
Tracking
RESOLVED
DUPLICATE
of bug 1384824
People
(Reporter: bc, Unassigned)
References
Details
Attachments
(2 files)
Seen on 3 URLs, from most frequent/reliable to less frequent/less reliable:

http://m.cda.pl/video/p3
http://www.dailymotion.com/video/kAxSRBPLcZ179VkLOoh
http://www.dailymotion.com/video/x54vg5j

export STYLO_FORCE_ENABLED=1

1. Load url in asan build
2. Wait a bit... 60 seconds
3. Crash

Pretty reliably get:

==19256==ERROR: AddressSanitizer: SEGV on unknown address 0x000000001460 (pc 0x7fe50f27acef bp 0x7ffd7d53cd70 sp 0x7ffd7d53cd30 T0)
==19256==The signal is caused by a READ memory access.
    #0 0x7fe50f27acee in Get /home/worker/workspace/build/src/xpcom/ds/PLDHashTable.h:228:26
...
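The reporter's steps (force-enable stylo, load the URL in an ASan build, wait about a minute, collect the report) and the later duplicate resolution both hinge on reading the ASan report and reducing it to a stable signature (error kind, faulting address, top frame). The helper below is an added example, not code from the bug or from Mozilla: `asan_triage` extracts that signature from a log, and `repro_url` wraps one run with the environment from the report. `FIREFOX_BIN`, `TIMEOUT`, the `-no-remote`/`-profile` invocation and the `ASAN_OPTIONS` values are assumptions; the sample log is constructed from the two reports quoted in this bug so the triage step runs offline.

```shell
#!/bin/sh
# Added example (not from the bug report or the Firefox tree): run a URL under
# the stylo ASan configuration from the bug and reduce the ASan report to a
# dedup signature "<kind> <address> <top-frame-symbol> <file:line:col>".

# Classify an ASan report. Prints the signature of the FIRST error in the log
# (ASan aborts after the first report, so that is the one that matters).
asan_triage() {
    # $1 = path to a log file containing ASan output
    awk '
        /==[0-9]+==ERROR: AddressSanitizer:/ && !kind {
            # e.g. "==19256==ERROR: AddressSanitizer: SEGV on unknown address 0x1460 (pc ...)"
            sub(/.*AddressSanitizer: /, "")
            kind = ($0 ~ /^SEGV/) ? "SEGV" : $1
            # faulting address = first hex token after the word "address"
            if (match($0, /address 0x[0-9a-f]+/)) {
                addr = substr($0, RSTART + 8, RLENGTH - 8)
            } else {
                addr = "?"
            }
        }
        kind && /^ *#0 / && !frame {
            # "    #0 0x7fe50f27acee in Get /path/to/PLDHashTable.h:228:26"
            frame = $4
            n = split($5, parts, "/"); loc = parts[n]
        }
        END {
            if (kind) print kind, addr, frame, loc
            else      print "NO-ASAN-ERROR"
        }
    ' "$1"
}

# Run one URL the way the report describes (STYLO_FORCE_ENABLED=1, and the
# STYLO_THREADS=8 suggested in comment 1) and kill it after $TIMEOUT seconds,
# since the crash shows up within about 60 s when it is going to. Needs
# coreutils `timeout`; FIREFOX_BIN (assumed) must point at an ASan build.
repro_url() {
    url=$1; log=$2
    STYLO_FORCE_ENABLED=1 STYLO_THREADS=8 \
    ASAN_OPTIONS="abort_on_error=1:handle_segv=1" \
    timeout "${TIMEOUT:-90}" "${FIREFOX_BIN:-./firefox}" \
        -no-remote -profile "$(mktemp -d)" "$url" >"$log" 2>&1
    asan_triage "$log"
}

# Constructed sample log: the SEGV report quoted in the bug description,
# trimmed to the lines the triage needs. Lets the script run without Firefox.
sample_log=$(mktemp)
cat >"$sample_log" <<'EOF'
==19256==ERROR: AddressSanitizer: SEGV on unknown address 0x000000001460 (pc 0x7fe50f27acef bp 0x7ffd7d53cd70 sp 0x7ffd7d53cd30 T0)
==19256==The signal is caused by a READ memory access.
    #0 0x7fe50f27acee in Get /home/worker/workspace/build/src/xpcom/ds/PLDHashTable.h:228:26
EOF
asan_triage "$sample_log"   # SEGV 0x000000001460 Get PLDHashTable.h:228:26
```

Two runs that produce the same signature are the same crash for triage purposes even when the raw addresses and PIDs differ, which is the comparison needed to decide that a report like this one is a duplicate of an already-filed bug.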
Reporter
Comment 1•7 years ago
1. Install Spider https://bclary.com/projects/spider/spider-0.1.0.5-an+fn+fx+sm+tb.xpi
2. firefox -spider -start -quit -url <url>
3.

==18403==ERROR: AddressSanitizer: heap-use-after-free on address 0x61a000a6f2a8 at pc 0x7fdba70815e0 bp 0x7ffc51a73d40 sp 0x7ffc51a73d38
READ of size 8 at 0x61a000a6f2a8 thread T0
    #0 0x7fdba70815df in PresShell /home/worker/workspace/build/src/obj-firefox/dist/include/nsPresContext.h:171:12

This is less reliable. Often, the previous SEGV will be hit. I think setting export STYLO_THREADS=8 will help reproduce this.
Updated•7 years ago
Priority: -- → P1
Summary: [stylo] AddressSanitizer: SEGV on unknown address 0x000000001460 | AddressSanitizer: heap-use-after-free on address 0x61a000a6f2a8 → stylo: AddressSanitizer: SEGV on unknown address 0x000000001460 | AddressSanitizer: heap-use-after-free on address 0x61a000a6f2a8
Updated•7 years ago
Group: core-security → layout-core-security
Comment 2•7 years ago
This is the arena refptr stuff... Manish and Cam could help faster than I I guess...
Comment 3•7 years ago
This seems to be related to bug 1384824, might want to wait for those patches to get through.
Depends on: 1384824
Updated•7 years ago
Component: General → CSS Parsing and Computation
Comment 4•7 years ago
Does this still reproduce now that bug 1384824 is fixed?
Flags: needinfo?(bob)
Reporter
Comment 5•7 years ago
No. I submitted http://m.cda.pl/video/p3 http://www.dailymotion.com/video/kAxSRBPLcZ179VkLOoh http://www.dailymotion.com/video/x54vg5j multiple times and did not reproduce at all. WFM or FIXED?
Flags: needinfo?(bob)
Updated•7 years ago
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
Updated•4 years ago
Group: layout-core-security