Closed
Bug 1425443
Opened 6 years ago
Closed 6 years ago
Crash in mozilla::layers::CompositorVsyncScheduler::DispatchVREvents
Categories
(Core :: Graphics, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 1420940
People
(Reporter: jesup, Unassigned)
Details
(4 keywords, Whiteboard: [adv-main59-])
Crash Data
This bug was filed from the Socorro interface and is report bp-13c18af4-2aaa-4864-8062-a52cd0171211.
=============================================================
Top frames of crashing thread:

0 xul.dll mozilla::layers::CompositorVsyncScheduler::DispatchVREvents gfx/layers/ipc/CompositorVsyncScheduler.cpp:365
1 xul.dll mozilla::detail::RunnableMethodImpl<mozilla::layers::CompositorVsyncScheduler*, void xpcom/threads/nsThreadUtils.h:1192
2 xul.dll MessageLoop::DoWork ipc/chromium/src/base/message_loop.cc:535
=============================================================

UAF in 59 - I'd guess either the object itself is gone (perhaps the runnable didn't hold a ref to it somehow(!?)), or that the display is slightly off and it's actually the Monitor that was freed; or (less likely) that the ::Get() call is UAFing.

There are a handful of crashes before 11/22, but with slightly different signatures - perhaps the code changed then and the crash switched from wildptr to a UAF read (the monitor appears to have been introduced there). The single 57.0 crash was a wildptr EXEC, which isn't good.

Assuming it's a regression for now, but might just be a change of symptom/frequency.
Updated•6 years ago
Group: core-security → gfx-core-security
Reporter
Comment 1•6 years ago
daoshengmu@gmail.com seems to have made most of the changes here recently - thoughts?
Flags: needinfo?(daoshengmu)
Comment 2•6 years ago
I think it has been resolved at https://bugzilla.mozilla.org/show_bug.cgi?id=1420940#c10. Thanks!
Flags: needinfo?(daoshengmu)
Reporter
Updated•6 years ago
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
Updated•6 years ago
Whiteboard: [adv-main59-]
Updated•6 years ago
Group: gfx-core-security