Closed
Bug 1421529
Opened 7 years ago
Closed 7 years ago
Crash in PLDHashTable::Search | nsTHashtable<T>::Contains | mozilla::dom::ContentParent::EnsurePermissionsByKey
Categories
(Core :: IPC, defect)
RESOLVED
DUPLICATE
of bug 1415158
Release | Tracking | Status |
---|---|---|
firefox-esr52 | --- | unaffected |
firefox57 | --- | affected |
People
(Reporter: jesup, Unassigned)
Details
(Keywords: crash, csectype-uaf, sec-high)
Crash Data
This bug was filed from the Socorro interface and is report bp-e2c26d6f-d6fa-4281-88d1-8e88f0171128.

=============================================================
Top 10 frames of crashing thread:

0 xul.dll PLDHashTable::Search xpcom/ds/PLDHashTable.cpp:531
1 xul.dll nsTHashtable<nsCStringHashKey>::Contains xpcom/ds/nsTHashtable.h:144
2 xul.dll mozilla::dom::ContentParent::EnsurePermissionsByKey dom/ipc/ContentParent.cpp:5173
3 xul.dll mozilla::dom::ContentParent::TransmitPermissionsForPrincipal dom/ipc/ContentParent.cpp:5154
4 xul.dll mozilla::dom::ContentParent::AboutToLoadHttpFtpWyciwygDocumentForChild dom/ipc/ContentParent.cpp:5133
5 xul.dll mozilla::net::WyciwygChannelParent::OnStartRequest netwerk/protocol/wyciwyg/WyciwygChannelParent.cpp:329
6 xul.dll nsWyciwygChannel::NotifyListener netwerk/protocol/wyciwyg/nsWyciwygChannel.cpp:807
7 xul.dll mozilla::detail::RunnableMethodImpl<mozilla::net::CacheFileIOManager*, nsresult xpcom/threads/nsThreadUtils.h:1192
8 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:1039
9 xul.dll mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:97

=============================================================

First report in last 3 months was in 57.0b3
Does not appear to be the same as bug 1349634

crashes are all UAFs or nullptr+offset. There are 3 or 4 different offsets though; I wonder if something is sometimes freeing this item on another thread while the code is looking at it from MainThread. Probably not the cause, though
Reporter | ||
Updated•7 years ago
Group: core-security
Updated•7 years ago
Group: core-security → dom-core-security
Comment 1•7 years ago
I looked at the proto signatures for these crashes, and they are all along the lines of the stack in comment 0, with Wyciwyg stuff. Nika, any ideas? It looks like you wrote this code. Thanks.
Flags: needinfo?(nika)
Comment 2•7 years ago
Pretty sure this is the same as bug 1415158
Status: NEW → RESOLVED
Closed: 7 years ago
Flags: needinfo?(nika)
Resolution: --- → DUPLICATE
Updated•4 years ago
Group: dom-core-security