Closed Bug 1401133 Opened 7 years ago Closed 7 years ago

UAF crash in mozilla::dom::workers::WorkerPrivateParent<T>::DispatchPrivate

Categories

(Core :: DOM: Workers, defect)

Product:
Core
Component:
DOM: Workers
Version:
55 Branch
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1371889

People

(Reporter: jcristau, Unassigned)

Details

(Keywords: crash)

Crash Data

This bug was filed from the Socorro interface and is 
report bp-4ac40ad9-c4a6-48c9-bd95-e26c00170919.
=============================================================

0 	xul.dll 	mozilla::dom::workers::WorkerPrivateParent<mozilla::dom::workers::WorkerPrivate>::DispatchPrivate(already_AddRefed<mozilla::dom::workers::WorkerRunnable>, nsIEventTarget*) 	dom/workers/WorkerPrivate.cpp:2851
1 	xul.dll 	mozilla::dom::workers::WorkerPrivateParent<mozilla::dom::workers::WorkerPrivate>::Dispatch(already_AddRefed<mozilla::dom::workers::WorkerRunnable>) 	obj-firefox/dist/include/mozilla/dom/WorkerPrivate.h:326
2 	xul.dll 	mozilla::dom::workers::WorkerRunnable::DispatchInternal() 	dom/workers/WorkerRunnable.cpp:111
3 	xul.dll 	mozilla::dom::workers::WorkerRunnable::Dispatch() 	dom/workers/WorkerRunnable.cpp:95
4 	xul.dll 	mozilla::dom::`anonymous namespace'::ConsumeBodyDoneObserver<mozilla::dom::Response>::OnStreamComplete 	dom/fetch/Fetch.cpp:1012
5 	xul.dll 	mozilla::net::nsStreamLoader::OnStopRequest(nsIRequest*, nsISupports*, nsresult) 	netwerk/base/nsStreamLoader.cpp:105
6 	xul.dll 	nsInputStreamPump::OnStateStop() 	netwerk/base/nsInputStreamPump.cpp:734
7 	xul.dll 	nsInputStreamPump::OnInputStreamReady(nsIAsyncInputStream*) 	netwerk/base/nsInputStreamPump.cpp:448
8 	xul.dll 	nsInputStreamReadyEvent::Run() 	xpcom/io/nsStreamUtils.cpp:96
9 	xul.dll 	mozilla::ThrottledEventQueue::Inner::ExecuteRunnable() 	xpcom/threads/ThrottledEventQueue.cpp:190
10 	xul.dll 	mozilla::ThrottledEventQueue::Inner::Executor::Run() 	xpcom/threads/ThrottledEventQueue.cpp:74
11 	xul.dll 	mozilla::ThrottledEventQueue::Inner::ExecuteRunnable() 	xpcom/threads/ThrottledEventQueue.cpp:190
12 	xul.dll 	mozilla::ThrottledEventQueue::Inner::Executor::Run() 	xpcom/threads/ThrottledEventQueue.cpp:74
13 	xul.dll 	nsThread::ProcessNextEvent(bool, bool*) 	xpcom/threads/nsThread.cpp:1418

This is spiking on 55.0.2 (Fennec) and 55.0.3 (desktop) in the last few days, with thousands of crashes.  No crashes in 56.0bX, so maybe this is already fixed there?

Filing just in case, because crash-stats correlations tab says:
(67.77% in signature vs 00.54% overall) address = 0xffffffffe5e5e615
Yes, this has been fixed by bug 1371889.
OK, thanks.
Status: NEW → RESOLVED
Closed: 7 years ago
Component: DOM: Service Workers → DOM: Workers
Resolution: --- → DUPLICATE
Group: dom-core-security
You need to log in before you can comment on or make changes to this bug.