1408157 - Crash in xul.dll@0x2fa56f8 | mozilla::dom::CoalescedMouseMoveFlusher::WillRefresh

Status: RESOLVED FIXED

(Core :: DOM: Events, defect, P1)

Description

[Marcia Knous [:marcia]]

This bug was filed from the Socorro interface and is 
report bp-67166a47-2b8e-46ad-8d65-811520171012.
=============================================================

Seen while looking at crash stats. Several crashes: http://bit.ly/2g57KiD, Windows and Linux are affected.

Comment 1

[Hsin-Yi Tsai (she/her) [:hsinyi]]

The line crashed at was added in 1361067. Stone, please take a look. Also, this won't affect 57 as bug 1361067 is disabled in 57, right?

Comment 2

[Ming-Chou Shih [:stone]]

(In reply to Hsin-Yi Tsai [:hsinyi] from comment #1)
> The line crashed at was added in 1361067. Stone, please take a look. Also,
> this won't affect 57 as bug 1361067 is disabled in 57, right?

Yes. This won't affect 57.

Comment 3

[Ming-Chou Shih [:stone]]

The call stacks are similar to bug 1407700. I think we could keep an eye on it after landing the patches of bug 1407700.

Comment 4

[Randell Jesup [:jesup] (needinfo me)]

Many if not all of the crashes are EXEC crashes to wildptr (looks like reused memory) addresses.   Some appear to possibly be strings.  This implies that it can easily be made to execute using a pointer (vtbl likely) in reallocated memory, which is very dangerous.

Comment 5

[Ming-Chou Shih [:stone]]

No crash happened with a build later than 20171019100107. I think this is caused by the same problem of bug 1407700 so close it. Didn't associate this with bug 1407700 because it is not marked as a security bug.