Closed
Bug 1413033
Opened 8 years ago
Closed 7 years ago
Crash in js::ZoneGroup::enter called from AutoJSAPI::InitInternal()
Categories
(Core :: JavaScript Engine, defect, P2)
Tracking
()
RESOLVED
FIXED
mozilla61
People
(Reporter: jesup, Assigned: jandem)
References
Details
(5 keywords, Whiteboard: [adv-main61+][post-critsmash-triage])
Crash Data
+++ This bug was initially created as a clone of Bug #1394223 +++
A second bug with this signature, called from dom::AutoJSAPI::InitInternal() via emplace()
Crashes are a mix of wildptrs and UAFs, and include EXEC crashes on wildptr's -> sec-critical
|
Reporter | |
Comment 1•8 years ago
|
||
https://crash-stats.mozilla.com/signature/?proto_signature=~InitInternal&signature=js%3A%3AZoneGroup%3A%3Aenter&date=%3E%3D2017-07-30T11%3A18%3A30.000Z&date=%3C2017-10-30T11%3A18%3A30.000Z&_columns=date&_columns=product&_columns=version&_columns=build_id&_columns=platform&_columns=reason&_columns=address&_columns=install_time&_sort=-date&page=1
Crashes start with 55.0.1, though only one crash there. A bunch in 57, and one in 58.
status-firefox56:
--- → affected
status-firefox57:
--- → affected
status-firefox-esr52:
--- → unaffected
Flags: needinfo?(nihsanullah)
|
||
Updated•8 years ago
|
Group: core-security → javascript-core-security
|
||
Updated•8 years ago
|
Keywords: sec-critical → sec-high
|
||
Comment 2•8 years ago
|
||
Too late for 56, may be too late for 57 as we are heading into the RC build on Monday.
|
|
||
Comment 3•8 years ago
|
||
P1 is probably not right for a low volume crash; clearing for re-triage.
Priority: P1 → --
|
||
Updated•8 years ago
|
Priority: -- → P2
|
|
||
Updated•8 years ago
|
Assignee: nobody → kvijayan
|
||
Comment 5•8 years ago
|
||
Kannan, any updates on this bug? The needinfo has been pending for quite some time.
|
||
Updated•8 years ago
|
|
|
||
Updated•7 years ago
|
|
|
||
Comment 6•7 years ago
|
||
This bug has been left without any proper developer attention for almost half a year.
Steven, can you help assign this to someone with more bandwidth to fix it?
Flags: needinfo?(sdetar)
|
Assignee | |
Comment 7•7 years ago
|
||
Bug 1449135 removed ZoneGroup::enter so this signature is gone.
Assignee: kvijayan → jdemooij
Status: NEW → RESOLVED
Closed: 7 years ago
Flags: needinfo?(sdetar)
Flags: needinfo?(nihsanullah)
Flags: needinfo?(kvijayan)
Resolution: --- → FIXED
|
|
||
Updated•7 years ago
|
|
|
||
Updated•7 years ago
|
Group: javascript-core-security → core-security-release
|
||
Updated•7 years ago
|
Whiteboard: [adv-main61+]
|
||
Updated•7 years ago
|
Flags: qe-verify-
Whiteboard: [adv-main61+] → [adv-main61+][post-critsmash-triage]
|
|
||
Updated•7 years ago
|
status-firefox-esr60:
--- → wontfix
|
|
||
Updated•6 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•