Closed
Bug 1424126
Opened 7 years ago
Closed 4 years ago
Crash: MEH: malicious process?
Categories
(Core :: Graphics: WebRender, defect, P3)
Tracking
()
RESOLVED
WORKSFORME
Tracking | Status | |
---|---|---|
firefox-esr52 | --- | unaffected |
firefox-esr60 | --- | unaffected |
firefox57 | --- | unaffected |
firefox58 | --- | unaffected |
firefox59 | --- | disabled |
firefox60 | --- | disabled |
firefox61 | --- | disabled |
firefox62 | --- | disabled |
firefox63 | --- | disabled |
firefox64 | --- | affected |
People
(Reporter: jan, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: crash, nightly-community)
Crash Data
Seen on Socorro. bp-2c05a2aa-d84c-4a2d-aab3-9c75f0171204 Build 20171204100103 (2017-12-04) @ macOS > MEH: malicious process?: Custom("invalid value: integer `3857049061`, expected variant index 0 <= i < 19") > 0 libmozglue.dylib mozalloc_abort(char const*) memory/mozalloc/mozalloc_abort.cpp:33 > 1 libmozglue.dylib abort memory/mozalloc/mozalloc_abort.cpp:80 > 2 XUL std::panicking::rust_panic src/libpanic_abort/lib.rs:59 > 3 XUL std::panicking::rust_panic_with_hook src/libstd/panicking.rs:593 > 4 XUL std::panicking::begin_panic<alloc::string::String> src/libstd/panicking.rs:538 > 5 XUL std::panicking::begin_panic_fmt src/libstd/panicking.rs:522 > 6 XUL core::panicking::panic_fmt src/libstd/panicking.rs:498 > 7 XUL core::result::unwrap_failed<alloc::boxed::Box<bincode::internal::ErrorKind>> src/libcore/macros.rs:23 > 8 XUL webrender_api::display_list::{{impl}}::next src/libcore/result.rs:799 > 9 XUL webrender::frame::{{impl}}::flatten_root gfx/webrender/src/frame.rs:150 > 10 XUL webrender::frame::{{impl}}::flatten_item gfx/webrender/src/frame.rs:368 > 11 XUL webrender::frame::{{impl}}::flatten_item gfx/webrender/src/frame.rs:159 > 12 XUL webrender::frame::{{impl}}::flatten_root gfx/webrender/src/frame.rs:159 > 13 XUL webrender::render_backend::{{impl}}::build_scene gfx/webrender/src/frame.rs:1151 > 14 XUL webrender::render_backend::{{impl}}::process_document gfx/webrender/src/render_backend.rs:292 > 15 XUL webrender::render_backend::{{impl}}::run gfx/webrender/src/render_backend.rs:491 > 16 XUL std::sys_common::backtrace::__rust_begin_short_backtrace<closure, ()> gfx/webrender/src/renderer.rs:1975 > 17 XUL alloc::boxed::{{impl}}::call_box<(), closure> src/libstd/thread/mod.rs:400 > 18 XUL std::sys::imp::thread::{{impl}}::new::thread_start src/liballoc/boxed.rs:736 > 19 libsystem_pthread.dylib _pthread_body > 20 libsystem_pthread.dylib _pthread_start > 21 libsystem_pthread.dylib thread_start > 22 XUL XUL@0x444917f
Comment 1•7 years ago
|
||
Well, at least we're catching the corruption properly in the backend (;>.>) Hard to say what this could be without a test page.
Updated•7 years ago
|
Whiteboard: [wr-mvp] [triage]
Comment 2•7 years ago
|
||
There's only the one crash of this kind (there's two reports in crash-stats but they appear to be identical). However, the value `3857049061` is 0xE5E5E5E5 which is jemalloc fills in for freed memory. so this is really a use-after-free instance which is bad news. Hopefully it doesn't come back.
Updated•6 years ago
|
Blocks: stage-wr-trains
Priority: -- → P3
Reporter | ||
Comment 3•6 years ago
|
||
(In reply to Kartikaya Gupta (email:kats@mozilla.com) from comment #2) > Hopefully it doesn't come back. It came back. https://crash-stats.mozilla.com/search/?moz_crash_reason=~MEH%3A%20malicious%20process%3F&date=%3E%3D2018-01-20T19%3A38%3A43.000Z&date=%3C2018-04-20T20%3A38%3A43.000Z&_sort=-date&_facets=signature&_columns=date&_columns=signature&_columns=product&_columns=version&_columns=build_id&_columns=platform#crash-reports The last one so far: bp-12909d01-6105-4d64-a5fd-877270180222 build 2018-02-21_102240 Win10 > MEH: malicious process?: Custom("invalid value: integer `128`, expected variant index 0 <= i < 20")
Crash Signature: [@ mozalloc_abort | abort | core::result::unwrap_failed<T> | webrender_api::display_list::{{impl}}::next ] → [@ mozalloc_abort | abort | core::result::unwrap_failed<T> | webrender_api::display_list::{{impl}}::next ]
[@ core::result::unwrap_failed<T> | webrender_api::display_list::BuiltDisplayListIter::next ]
status-firefox60:
--- → disabled
status-firefox61:
--- → disabled
status-firefox-esr60:
--- → unaffected
OS: Mac OS X → All
Summary: Crash in mozalloc_abort | abort | core::result::unwrap_failed<T> | webrender_api::display_list::{{impl}}::next → Crash: MEH: malicious process?
Whiteboard: [wr-mvp] [triage]
Reporter | ||
Comment 4•6 years ago
|
||
bp-4d8c8659-95cd-46b4-a6fc-ba60b0180522 build 2018-05-21_220045 MacOS
Crash Signature: [@ mozalloc_abort | abort | core::result::unwrap_failed<T> | webrender_api::display_list::{{impl}}::next ]
[@ core::result::unwrap_failed<T> | webrender_api::display_list::BuiltDisplayListIter::next ] → [@ mozalloc_abort | abort | core::result::unwrap_failed<T> | webrender_api::display_list::{{impl}}::next ]
[@ core::result::unwrap_failed<T> | webrender_api::display_list::BuiltDisplayListIter::next ]
[@ mozalloc_abort | abort | core::result::unwrap_fai…
status-firefox62:
--- → disabled
Reporter | ||
Comment 6•6 years ago
|
||
bp-b46bd5de-f54a-4362-bc59-977c70180917, Nvidia, GP106 [GeForce GTX 1060 6GB] > MEH: malicious process?: Custom("invalid value: integer `150994944`, expected variant index 0 <= i < 3")
Crash Signature: core::result::unwrap_failed::h28729ab984c8d4f9 ] → core::result::unwrap_failed::h28729ab984c8d4f9 ]
[@ core::result::unwrap_failed<T> | webrender_api::display_list::BuiltDisplayListIter::next_raw ]
status-firefox63:
--- → disabled
status-firefox64:
--- → affected
Comment 7•5 years ago
|
||
One recent crash in the nightly 4-10 build. Should we just close this one out based on the low crash volume?
Comment 8•5 years ago
|
||
User reports here that bitmex.com causes this crash: https://www.reddit.com/r/firefox/comments/d14b0i/bitmexcom_always_crashing_tab
See crash id bp-40478f6c-7357-4eae-bbd0-200030190912
Comment 9•4 years ago
|
||
Closing because no crashes reported for 12 weeks.
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•