Closed
Bug 1420348
Opened 7 years ago
Closed 7 years ago
Crash in mozilla::ipc::IProtocol::OtherPid called from dom::asmjscache::PAsmJSCacheEntryParent::SendOnOpenCacheFile()
Categories
(Core :: IPC, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 1331209
Tracking | Status | |
---|---|---|
firefox-esr52 | --- | unaffected |
firefox57 | --- | wontfix |
firefox58 | --- | fixed |
firefox59 | --- | unaffected |
People
(Reporter: jesup, Unassigned)
Details
(4 keywords, Whiteboard: [adv-main58-])
Crash Data
This bug was filed from the Socorro interface and is report bp-4498f8bf-2d80-464d-8dac-a80df0171122.

=============================================================
Top 10 frames of crashing thread:

0 xul.dll mozilla::ipc::IProtocol::OtherPid ipc/glue/ProtocolUtils.cpp:468
1 xul.dll mozilla::dom::asmjscache::PAsmJSCacheEntryParent::SendOnOpenCacheFile ipc/ipdl/PAsmJSCacheEntryParent.cpp:72
2 xul.dll mozilla::dom::asmjscache::`anonymous namespace'::ParentRunnable::Run dom/asmjscache/AsmJSCache.cpp:930
3 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:1039
4 xul.dll NS_ProcessNextEvent xpcom/threads/nsThreadUtils.cpp:521
5 xul.dll mozilla::ipc::MessagePumpForNonMainThreads::Run ipc/glue/MessagePump.cpp:368
6 xul.dll MessageLoop::RunHandler ipc/chromium/src/base/message_loop.cc:319
7 xul.dll MessageLoop::Run ipc/chromium/src/base/message_loop.cc:299
8 xul.dll nsThread::ThreadFunc xpcom/threads/nsThread.cpp:427
9 nss3.dll _PR_NativeRunThread nsprpub/pr/src/threads/combined/pruthr.c:397

=============================================================

Note: other bugs appear in the OtherPid() signature; this appears to be the source of all or almost all of the UAF crashes.

Frequency in 57 seems *way* up; we had 513 crashes in the last week, but only 22XX crashes in the last 6 months -> spike in 57.

https://crash-stats.mozilla.com/signature/?product=Firefox&proto_signature=~SendOnOpenCacheFile&signature=mozilla%3A%3Aipc%3A%3AIProtocol%3A%3AOtherPid&date=%3E%3D2017-05-23T22%3A09%3A27.000Z&date=%3C2017-11-23T20%3A09%3A27.000Z&_columns=date&_columns=product&_columns=version&_columns=build_id&_columns=platform&_columns=reason&_columns=address&_columns=install_time&_sort=version&_sort=-date&page=1

It *looks* like the bug causing the spike started in 57b12 or perhaps in 57b99

billm/jimm: IPC, or push over to the AsmJS people?
Reporter | ||
Updated•7 years ago
Flags: needinfo?(wmccloskey)
Flags: needinfo?(jmathies)
Updated•7 years ago
Group: core-security → dom-core-security
Comment 1•7 years ago
Looks maybe-similar to bug 1331209?
Flags: needinfo?(jmathies) → needinfo?(luke)
Updated•7 years ago
Status: NEW → RESOLVED
Closed: 7 years ago
Flags: needinfo?(wmccloskey)
Resolution: --- → DUPLICATE
Updated•6 years ago
Whiteboard: [adv-main58-]
Updated•6 years ago
Group: dom-core-security