Closed Bug 1470054 Opened 6 years ago Closed 2 years ago

Intermitent SUMMARY: AddressSanitizer: heap-use-after-free z:\build\build\src\gfx\cairo\cairo\src\cairo-surface.c:2576 in _cairo_surface_get_extents

Tracking

()

Status:

RESOLVED WORKSFORME

People

(Reporter: noemi_erli, Unassigned)

References

Details

(Keywords: csectype-uaf, intermittent-failure, sec-moderate)

Noemi Erli[:noemi_erli]

Reporter

Description

•

6 years ago

Log example: https://treeherder.mozilla.org/logviewer.html#?job_id=184084821&repo=mozilla-central&lineNumber=1703

02:41:13     INFO -  122 INFO TEST-START | browser/base/content/test/popupNotifications/browser_popupNotification_checkbox.js
02:41:16     INFO -  GECKO(2656) | =================================================================
02:41:16    ERROR -  GECKO(2656) | ==2656==ERROR: AddressSanitizer: heap-use-after-free on address 0x11ba5f182b9c at pc 0x7ffeebe13c15 bp 0x0004a4bf9880 sp 0x0004a4bf98c8
02:41:16     INFO -  GECKO(2656) | READ of size 4 at 0x11ba5f182b9c thread T0
02:41:16     INFO -  GECKO(2656) |     #0 0x7ffeebe13c14 in _cairo_surface_get_extents z:\build\build\src\gfx\cairo\cairo\src\cairo-surface.c:2576
02:41:16     INFO -  GECKO(2656) |     #1 0x7ffeebd92c2d in _cairo_gstate_fill z:\build\build\src\gfx\cairo\cairo\src\cairo-gstate.c:1278
02:41:16     INFO -  GECKO(2656) |     #2 0x7ffeebe418b6 in _moz_cairo_fill z:\build\build\src\gfx\cairo\cairo\src\cairo.c:2449
02:41:16     INFO -  GECKO(2656) |     #3 0x7ffee3025ab2 in mozilla::gfx::DrawTargetCairo::ClearRect(struct mozilla::gfx::RectTyped<struct mozilla::gfx::UnknownUnits,float> const &) z:\build\build\src\gfx\2d\DrawTargetCairo.cpp:1208
02:41:16     INFO -  GECKO(2656) |     #4 0x7ffee9a4084d in mozilla::widget::WinCompositorWidget::ClearTransparentWindow(void) z:\build\build\src\widget\windows\WinCompositorWidget.cpp:301
02:41:16     INFO -  GECKO(2656) |     #5 0x7ffee9b9ab3d in nsWindow::Show(bool) z:\build\build\src\widget\windows\nsWindow.cpp:1637
02:41:16     INFO -  GECKO(2656) |     #6 0x7ffee98a8661 in nsView::DoResetWidgetBounds(bool,bool) z:\build\build\src\view\nsView.cpp:342
02:41:16     INFO -  GECKO(2656) |     #7 0x7ffee98b6067 in nsViewManager::ProcessPendingUpdatesForView(class nsView *,bool) z:\build\build\src\view\nsViewManager.cpp:399
02:41:16     INFO -  GECKO(2656) |     #8 0x7ffee98bcd1e in nsViewManager::ProcessPendingUpdates(void) z:\build\build\src\view\nsViewManager.cpp:1102
02:41:16     INFO -  GECKO(2656) |     #9 0x7ffee98afaba in nsViewManager::WillPaintWindow(class nsIWidget *) z:\build\build\src\view\nsViewManager.cpp:707
02:41:16     INFO -  GECKO(2656) |     #10 0x7ffee98af880 in nsView::WillPaintWindow(class nsIWidget *) z:\build\build\src\view\nsView.cpp:1061
02:41:16     INFO -  GECKO(2656) |     #11 0x7ffee9bddf28 in nsWindow::OnPaint(struct HDC__ *,unsigned int) z:\build\build\src\widget\windows\nsWindowGfx.cpp:293
02:41:16     INFO -  GECKO(2656) |     #12 0x7ffee9bb921c in nsWindow::ProcessMessage(unsigned int,unsigned __int64 &,__int64 &,__int64 *) z:\build\build\src\widget\windows\nsWindow.cpp:5563
02:41:16     INFO -  GECKO(2656) |     #13 0x7ffee9bb4c4e in nsWindow::WindowProcInternal(struct HWND__ *,unsigned int,unsigned __int64,__int64) z:\build\build\src\widget\windows\nsWindow.cpp:5031
02:41:16     INFO -  GECKO(2656) |     #14 0x7ffee09e378e in CallWindowProcCrashProtected z:\build\build\src\xpcom\base\nsCrashOnException.cpp:32
02:41:16     INFO -  GECKO(2656) |     #15 0x7ffee9b9727c in nsWindow::WindowProc(struct HWND__ *,unsigned int,unsigned __int64,__int64) z:\build\build\src\widget\windows\nsWindow.cpp:4983
02:41:16     INFO -  GECKO(2656) |     #16 0x7fff160cbc4f  (C:\Windows\System32\user32.dll+0x18000bc4f)
02:41:16     INFO -  GECKO(2656) |     #17 0x7fff160cb94b  (C:\Windows\System32\user32.dll+0x18000b94b)
02:41:16     INFO -  GECKO(2656) |     #18 0x7fff160e11f2  (C:\Windows\System32\user32.dll+0x1800211f2)
02:41:16     INFO -  GECKO(2656) |     #19 0x7fff16cd90b3  (C:\Windows\SYSTEM32\ntdll.dll+0x1800a90b3)
02:41:16     INFO -  GECKO(2656) |     #20 0x7fff13f31743  (C:\Windows\System32\win32u.dll+0x180001743)
02:41:16     INFO -  GECKO(2656) |     #21 0x7fff160cb651  (C:\Windows\System32\user32.dll+0x18000b651)
02:41:16     INFO -  GECKO(2656) |     #22 0x7ffee9b203bb in nsAppShell::ProcessNextNativeEvent(bool) z:\build\build\src\widget\windows\nsAppShell.cpp:551
02:41:16     INFO -  GECKO(2656) |     #23 0x7ffee9998ad2 in nsBaseAppShell::OnProcessNextEvent(class nsIThreadInternal *,bool) z:\build\build\src\widget\nsBaseAppShell.cpp:272
02:41:16     INFO -  GECKO(2656) |     #24 0x7ffee0be8aed in nsThread::ProcessNextEvent(bool,bool *) z:\build\build\src\xpcom\threads\nsThread.cpp:968
02:41:16     INFO -  GECKO(2656) |     #25 0x7ffee0c0b9fa in NS_ProcessNextEvent(class nsIThread *,bool) z:\build\build\src\xpcom\threads\nsThreadUtils.cpp:519
02:41:16     INFO -  GECKO(2656) |     #26 0x7ffee1be43d9 in mozilla::ipc::MessagePump::Run(class base::MessagePump::Delegate *) z:\build\build\src\ipc\glue\MessagePump.cpp:97
02:41:16     INFO -  GECKO(2656) |     #27 0x7ffee1b472de in MessageLoop::RunHandler(void) z:\build\build\src\ipc\chromium\src\base\message_loop.cc:318
02:41:16     INFO -  GECKO(2656) |     #28 0x7ffee1b47066 in MessageLoop::Run(void) z:\build\build\src\ipc\chromium\src\base\message_loop.cc:298
02:41:16     INFO -  GECKO(2656) |     #29 0x7ffee999841a in nsBaseAppShell::Run(void) z:\build\build\src\widget\nsBaseAppShell.cpp:157
02:41:16     INFO -  GECKO(2656) |     #30 0x7ffee9b1f287 in nsAppShell::Run(void) z:\build\build\src\widget\windows\nsAppShell.cpp:415
02:41:16     INFO -  GECKO(2656) |     #31 0x7ffeedd16c0e in nsAppStartup::Run(void) z:\build\build\src\toolkit\components\startup\nsAppStartup.cpp:290
02:41:16     INFO -  GECKO(2656) |     #32 0x7ffeedfaaa7c in XREMain::XRE_mainRun(void) z:\build\build\src\toolkit\xre\nsAppRunner.cpp:4746
02:41:16     INFO -  GECKO(2656) |     #33 0x7ffeedfb0194 in XREMain::XRE_main(int,char * * const,struct mozilla::BootstrapConfig const &) z:\build\build\src\toolkit\xre\nsAppRunner.cpp:4891
02:41:16     INFO -  GECKO(2656) |     #34 0x7ffeedfb26a0 in XRE_main(int,char * * const,struct mozilla::BootstrapConfig const &) z:\build\build\src\toolkit\xre\nsAppRunner.cpp:4983
02:41:16     INFO -  GECKO(2656) |     #35 0x7ff775ab1e3d  (Z:\task_1529546821\build\application\firefox\firefox.exe+0x140001e3d)
02:41:16     INFO -  GECKO(2656) |     #36 0x7ff775ab1529  (Z:\task_1529546821\build\application\firefox\firefox.exe+0x140001529)
02:41:16     INFO -  GECKO(2656) |     #37 0x7ff775baac87  (Z:\task_1529546821\build\application\firefox\firefox.exe+0x1400fac87)
02:41:16     INFO -  GECKO(2656) |     #38 0x7fff16022773  (C:\Windows\System32\KERNEL32.DLL+0x180012773)
02:41:16     INFO -  GECKO(2656) |     #39 0x7fff16ca0d60  (C:\Windows\SYSTEM32\ntdll.dll+0x180070d60)
02:41:16     INFO -  GECKO(2656) | 0x11ba5f182b9c is located 28 bytes inside of 616-byte region [0x11ba5f182b80,0x11ba5f182de8)
02:41:16     INFO -  GECKO(2656) | freed by thread T59 here:
02:41:16     INFO -  GECKO(2656) |     #0 0x7ffedffe2ce0  (Z:\task_1529546821\build\application\firefox\clang_rt.asan_dynamic-x86_64.dll+0x180032ce0)
02:41:16     INFO -  GECKO(2656) |     #1 0x7ffee3a4669c in gfxASurface::Release(void) z:\build\build\src\gfx\thebes\gfxASurface.cpp:100
02:41:16     INFO -  GECKO(2656) |     #2 0x7ffee9a40232 in mozilla::widget::WinCompositorWidget::CreateTransparentSurface(struct mozilla::gfx::IntSizeTyped<struct mozilla::gfx::UnknownUnits> const &) z:\build\build\src\widget\windows\WinCompositorWidget.cpp:265
02:41:16     INFO -  GECKO(2656) |     #3 0x7ffee9a3ec48 in mozilla::widget::WinCompositorWidget::EnsureTransparentSurface(void) z:\build\build\src\widget\windows\WinCompositorWidget.cpp:253
02:41:16     INFO -  GECKO(2656) |     #4 0x7ffee9a3e41d in mozilla::widget::WinCompositorWidget::StartRemoteDrawing(void) z:\build\build\src\widget\windows\WinCompositorWidget.cpp:91
02:41:16     INFO -  GECKO(2656) |     #5 0x7ffee998f495 in mozilla::widget::CompositorWidget::StartRemoteDrawingInRegion(class mozilla::gfx::IntRegionTyped<struct mozilla::LayoutDevicePixel> &,enum mozilla::layers::BufferMode *) z:\build\build\src\widget\CompositorWidget.h:159
02:41:16     INFO -  GECKO(2656) |     #6 0x7ffee3790e75 in mozilla::layers::BasicCompositor::BeginFrame(class mozilla::gfx::IntRegionTyped<struct mozilla::gfx::UnknownUnits> const &,struct mozilla::gfx::IntRectTyped<struct mozilla::gfx::UnknownUnits> const *,struct mozilla::gfx::IntRectTyped<struct mozilla::gfx::UnknownUnits> const &,class mozilla::gfx::IntRegionTyped<struct mozilla::gfx::UnknownUnits> const &,struct mozilla::gfx::IntRectTyped<struct mozilla::gfx::UnknownUnits> *,struct mozilla::gfx::IntRectTyped<struct mozilla::gfx::UnknownUnits> *) z:\build\build\src\gfx\layers\basic\BasicCompositor.cpp:928
02:41:16     INFO -  GECKO(2656) |     #7 0x7ffee38e3b41 in mozilla::layers::LayerManagerComposite::Render(class mozilla::gfx::IntRegionTyped<struct mozilla::gfx::UnknownUnits> const &,class mozilla::gfx::IntRegionTyped<struct mozilla::gfx::UnknownUnits> const &) z:\build\build\src\gfx\layers\composite\LayerManagerComposite.cpp:918
02:41:16     INFO -  GECKO(2656) |     #8 0x7ffee38e1631 in mozilla::layers::LayerManagerComposite::UpdateAndRender(void) z:\build\build\src\gfx\layers\composite\LayerManagerComposite.cpp:534
02:41:16     INFO -  GECKO(2656) |     #9 0x7ffee38dfd6c in mozilla::layers::LayerManagerComposite::EndTransaction(class mozilla::TimeStamp const &,enum mozilla::layers::LayerManager::EndTransactionFlags) z:\build\build\src\gfx\layers\composite\LayerManagerComposite.cpp:464
02:41:16     INFO -  GECKO(2656) |     #10 0x7ffee398fe6f in mozilla::layers::CompositorBridgeParent::CompositeToTarget(class mozilla::gfx::DrawTarget *,struct mozilla::gfx::IntRectTyped<struct mozilla::gfx::UnknownUnits> const *) z:\build\build\src\gfx\layers\ipc\CompositorBridgeParent.cpp:1068
02:41:16     INFO -  GECKO(2656) |     #11 0x7ffee39abb99 in mozilla::layers::CompositorVsyncScheduler::Composite(class mozilla::TimeStamp) z:\build\build\src\gfx\layers\ipc\CompositorVsyncScheduler.cpp:243
02:41:16     INFO -  GECKO(2656) |     #12 0x7ffee39d9111 in mozilla::detail::RunnableMethodImpl<class mozilla::layers::CompositorVsyncScheduler *,void ( mozilla::layers::CompositorVsyncScheduler::*)(class mozilla::TimeStamp),1,1,class mozilla::TimeStamp>::Run(void) z:\build\build\src\obj-firefox\dist\include\nsThreadUtils.h:1216
02:41:16     INFO -  GECKO(2656) |     #13 0x7ffee1b48533 in ?DeferOrRunPendingTask@MessageLoop@@IEAA_N$$QEAUPendingTask@1@@Z z:\build\build\src\ipc\chromium\src\base\message_loop.cc:459
02:41:16     INFO -  GECKO(2656) |     #14 0x7ffee1b49d1e in MessageLoop::DoWork(void) z:\build\build\src\ipc\chromium\src\base\message_loop.cc:534
02:41:16     INFO -  GECKO(2656) |     #15 0x7ffee1b1a302 in base::MessagePumpForUI::DoRunLoop(void) z:\build\build\src\ipc\chromium\src\base\message_pump_win.cc:210
02:41:16     INFO -  GECKO(2656) |     #16 0x7ffee1b1c759 in base::MessagePumpWin::Run(class base::MessagePump::Delegate *) z:\build\build\src\ipc\chromium\src\base\message_pump_win.h:80
02:41:16     INFO -  GECKO(2656) |     #17 0x7ffee1b472de in MessageLoop::RunHandler(void) z:\build\build\src\ipc\chromium\src\base\message_loop.cc:318
02:41:16     INFO -  GECKO(2656) |     #18 0x7ffee1b57ad5 in base::Thread::ThreadMain(void) z:\build\build\src\ipc\chromium\src\base\thread.cc:181
02:41:16     INFO -  GECKO(2656) |     #19 0x7ffee1b1e16f in `anonymous namespace'::ThreadFunc z:\build\build\src\ipc\chromium\src\base\platform_thread_win.cc:28
02:41:16     INFO -  GECKO(2656) |     #20 0x7ffedffed0b8  (Z:\task_1529546821\build\application\firefox\clang_rt.asan_dynamic-x86_64.dll+0x18003d0b8)
02:41:16     INFO -  GECKO(2656) |     #21 0x7fff16022773  (C:\Windows\System32\KERNEL32.DLL+0x180012773)
02:41:16     INFO -  GECKO(2656) |     #22 0x7ffefe595441 in patched_BaseThreadInitThunk z:\build\build\src\mozglue\build\WindowsDllBlocklist.cpp:622
02:41:16     INFO -  GECKO(2656) |     #23 0x7fff16ca0d60  (C:\Windows\SYSTEM32\ntdll.dll+0x180070d60)
02:41:16     INFO -  GECKO(2656) | previously allocated by thread T0 here:
02:41:16     INFO -  GECKO(2656) |     #0 0x7ffedffe2dd0  (Z:\task_1529546821\build\application\firefox\clang_rt.asan_dynamic-x86_64.dll+0x180032dd0)
02:41:16     INFO -  GECKO(2656) |     #1 0x7ffeebd656a3 in _cairo_win32_surface_create_for_dc z:\build\build\src\gfx\cairo\cairo\src\cairo-win32-surface.c:374
02:41:16     INFO -  GECKO(2656) |     #2 0x7ffee3b6de9d in gfxWindowsSurface::gfxWindowsSurface(struct mozilla::gfx::IntSizeTyped<struct mozilla::gfx::UnknownUnits> const &,enum mozilla::gfx::SurfaceFormat) z:\build\build\src\gfx\thebes\gfxWindowsSurface.cpp:46
02:41:16     INFO -  GECKO(2656) |     #3 0x7ffee9a401f1 in mozilla::widget::WinCompositorWidget::CreateTransparentSurface(struct mozilla::gfx::IntSizeTyped<struct mozilla::gfx::UnknownUnits> const &) z:\build\build\src\widget\windows\WinCompositorWidget.cpp:264
02:41:16     INFO -  GECKO(2656) |     #4 0x7ffee9a3ec48 in mozilla::widget::WinCompositorWidget::EnsureTransparentSurface(void) z:\build\build\src\widget\windows\WinCompositorWidget.cpp:253
02:41:16     INFO -  GECKO(2656) |     #5 0x7ffee9a4064c in mozilla::widget::WinCompositorWidget::ClearTransparentWindow(void) z:\build\build\src\widget\windows\WinCompositorWidget.cpp:292
02:41:16     INFO -  GECKO(2656) |     #6 0x7ffee9b9ab3d in nsWindow::Show(bool) z:\build\build\src\widget\windows\nsWindow.cpp:1637
02:41:16     INFO -  GECKO(2656) |     #7 0x7ffee98a8661 in nsView::DoResetWidgetBounds(bool,bool) z:\build\build\src\view\nsView.cpp:342
02:41:16     INFO -  GECKO(2656) |     #8 0x7ffee98b6067 in nsViewManager::ProcessPendingUpdatesForView(class nsView *,bool) z:\build\build\src\view\nsViewManager.cpp:399
02:41:16     INFO -  GECKO(2656) |     #9 0x7ffee98bcd1e in nsViewManager::ProcessPendingUpdates(void) z:\build\build\src\view\nsViewManager.cpp:1102
02:41:16     INFO -  GECKO(2656) |     #10 0x7ffee98afaba in nsViewManager::WillPaintWindow(class nsIWidget *) z:\build\build\src\view\nsViewManager.cpp:707
02:41:16     INFO -  GECKO(2656) |     #11 0x7ffee98af880 in nsView::WillPaintWindow(class nsIWidget *) z:\build\build\src\view\nsView.cpp:1061
02:41:16     INFO -  GECKO(2656) |     #12 0x7ffee9bddf28 in nsWindow::OnPaint(struct HDC__ *,unsigned int) z:\build\build\src\widget\windows\nsWindowGfx.cpp:293
02:41:16     INFO -  GECKO(2656) |     #13 0x7ffee9bb921c in nsWindow::ProcessMessage(unsigned int,unsigned __int64 &,__int64 &,__int64 *) z:\build\build\src\widget\windows\nsWindow.cpp:5563
02:41:16     INFO -  GECKO(2656) |     #14 0x7ffee9bb4c4e in nsWindow::WindowProcInternal(struct HWND__ *,unsigned int,unsigned __int64,__int64) z:\build\build\src\widget\windows\nsWindow.cpp:5031
02:41:16     INFO -  GECKO(2656) |     #15 0x7ffee09e378e in CallWindowProcCrashProtected z:\build\build\src\xpcom\base\nsCrashOnException.cpp:32
02:41:16     INFO -  GECKO(2656) |     #16 0x7ffee9b9727c in nsWindow::WindowProc(struct HWND__ *,unsigned int,unsigned __int64,__int64) z:\build\build\src\widget\windows\nsWindow.cpp:4983
02:41:16     INFO -  GECKO(2656) |     #17 0x7fff160cbc4f  (C:\Windows\System32\user32.dll+0x18000bc4f)
02:41:16     INFO -  GECKO(2656) |     #18 0x7fff160cb94b  (C:\Windows\System32\user32.dll+0x18000b94b)
02:41:16     INFO -  GECKO(2656) |     #19 0x7fff160e11f2  (C:\Windows\System32\user32.dll+0x1800211f2)
02:41:16     INFO -  GECKO(2656) |     #20 0x7fff16cd90b3  (C:\Windows\SYSTEM32\ntdll.dll+0x1800a90b3)
02:41:16     INFO -  GECKO(2656) |     #21 0x7fff13f31743  (C:\Windows\System32\win32u.dll+0x180001743)
02:41:16     INFO -  GECKO(2656) |     #22 0x7fff160cb651  (C:\Windows\System32\user32.dll+0x18000b651)
02:41:16     INFO -  GECKO(2656) |     #23 0x7ffee9b203bb in nsAppShell::ProcessNextNativeEvent(bool) z:\build\build\src\widget\windows\nsAppShell.cpp:551
02:41:16     INFO -  GECKO(2656) |     #24 0x7ffee9998ad2 in nsBaseAppShell::OnProcessNextEvent(class nsIThreadInternal *,bool) z:\build\build\src\widget\nsBaseAppShell.cpp:272
02:41:16     INFO -  GECKO(2656) |     #25 0x7ffee0be8aed in nsThread::ProcessNextEvent(bool,bool *) z:\build\build\src\xpcom\threads\nsThread.cpp:968
02:41:16     INFO -  GECKO(2656) |     #26 0x7ffee0c0b9fa in NS_ProcessNextEvent(class nsIThread *,bool) z:\build\build\src\xpcom\threads\nsThreadUtils.cpp:519
02:41:16     INFO -  GECKO(2656) |     #27 0x7ffee1be43d9 in mozilla::ipc::MessagePump::Run(class base::MessagePump::Delegate *) z:\build\build\src\ipc\glue\MessagePump.cpp:97
02:41:16     INFO -  GECKO(2656) |     #28 0x7ffee1b472de in MessageLoop::RunHandler(void) z:\build\build\src\ipc\chromium\src\base\message_loop.cc:318
02:41:16     INFO -  GECKO(2656) |     #29 0x7ffee1b47066 in MessageLoop::Run(void) z:\build\build\src\ipc\chromium\src\base\message_loop.cc:298
02:41:16     INFO -  GECKO(2656) | Thread T59 created by T0 here:
02:41:16     INFO -  GECKO(2656) |     #0 0x7ffedffee200  (Z:\task_1529546821\build\application\firefox\clang_rt.asan_dynamic-x86_64.dll+0x18003e200)
02:41:16     INFO -  GECKO(2656) |     #1 0x7ffee1b1e10f in PlatformThread::Create(unsigned __int64,class PlatformThread::Delegate *,void * *) z:\build\build\src\ipc\chromium\src\base\platform_thread_win.cc:86
02:41:16     INFO -  GECKO(2656) |     #2 0x7ffee1b5738c in base::Thread::StartWithOptions(struct base::Thread::Options const &) z:\build\build\src\ipc\chromium\src\base\thread.cc:99
02:41:16     INFO -  GECKO(2656) |     #3 0x7ffee39aa3bc in mozilla::layers::CompositorThreadHolder::CompositorThreadHolder(void) z:\build\build\src\gfx\layers\ipc\CompositorThread.cpp:53
02:41:16     INFO -  GECKO(2656) |     #4 0x7ffee39aa6f0 in mozilla::layers::CompositorThreadHolder::Start(void) z:\build\build\src\gfx\layers\ipc\CompositorThread.cpp:124
02:41:16     INFO -  GECKO(2656) |     #5 0x7ffee3a8b35b in gfxPlatform::Init(void) z:\build\build\src\gfx\thebes\gfxPlatform.cpp:778
02:41:16     INFO -  GECKO(2656) |     #6 0x7ffee3a88303 in gfxPlatform::GetPlatform(void) z:\build\build\src\gfx\thebes\gfxPlatform.cpp:535
02:41:16     INFO -  GECKO(2656) |     #7 0x7ffeea119c3f in nsRefreshDriver::ChooseTimer(void)const  z:\build\build\src\layout\base\nsRefreshDriver.cpp:1110
02:41:16     INFO -  GECKO(2656) |     #8 0x7ffeea11d6fb in nsRefreshDriver::EnsureTimerStarted(enum nsRefreshDriver::EnsureTimerStartedFlags) z:\build\build\src\layout\base\nsRefreshDriver.cpp:1360
02:41:16     INFO -  GECKO(2656) |     #9 0x7ffeea186d16 in nsRefreshDriver::AddStyleFlushObserver(class nsIPresShell *) z:\build\build\src\layout\base\nsRefreshDriver.h:188
02:41:16     INFO -  GECKO(2656) |     #10 0x7ffeea35d7a4 in nsPresContext::CompatibilityModeChanged(void) z:\build\build\src\layout\base\nsPresContext.cpp:1182
02:41:16     INFO -  GECKO(2656) |     #11 0x7ffeea180a1d in mozilla::PresShell::Init(class nsIDocument *,class nsPresContext *,class nsViewManager *,class mozilla::UniquePtr<class mozilla::ServoStyleSet,class mozilla::DefaultDelete<class mozilla::ServoStyleSet> >) z:\build\build\src\layout\base\PresShell.cpp:951
02:41:16     INFO -  GECKO(2656) |     #12 0x7ffee44a3a31 in nsIDocument::CreateShell(class nsPresContext *,class nsViewManager *,class mozilla::UniquePtr<class mozilla::ServoStyleSet,class mozilla::DefaultDelete<class mozilla::ServoStyleSet> >) z:\build\build\src\dom\base\nsDocument.cpp:3782
02:41:16     INFO -  GECKO(2656) |     #13 0x7ffeea2a367f in nsDocumentViewer::InitPresentationStuff(bool) z:\build\build\src\layout\base\nsDocumentViewer.cpp:794
02:41:16     INFO -  GECKO(2656) |     #14 0x7ffeea2a29ab in nsDocumentViewer::InitInternal(class nsIWidget *,class nsISupports *,struct mozilla::gfx::IntRectTyped<struct mozilla::gfx::UnknownUnits> const &,bool,bool,bool) z:\build\build\src\layout\base\nsDocumentViewer.cpp:1044
02:41:16     INFO -  GECKO(2656) |     #15 0x7ffeea2a1b30 in nsDocumentViewer::Init(class nsIWidget *,struct mozilla::gfx::IntRectTyped<struct mozilla::gfx::UnknownUnits> const &) z:\build\build\src\layout\base\nsDocumentViewer.cpp:769
02:41:16     INFO -  GECKO(2656) |     #16 0x7ffeed3aed57 in nsDocShell::SetupNewViewer(class nsIContentViewer *) z:\build\build\src\docshell\base\nsDocShell.cpp:8906
02:41:16     INFO -  GECKO(2656) |     #17 0x7ffeed3ad752 in nsDocShell::Embed(class nsIContentViewer *,char const *,class nsISupports *) z:\build\build\src\docshell\base\nsDocShell.cpp:6716
02:41:16     INFO -  GECKO(2656) |     #18 0x7ffeed3bea9a in nsDocShell::CreateAboutBlankContentViewer(class nsIPrincipal *,class nsIURI *,bool,bool) z:\build\build\src\docshell\base\nsDocShell.cpp:7595
02:41:16     INFO -  GECKO(2656) |     #19 0x7ffeed3c016a in nsDocShell::CreateAboutBlankContentViewer(class nsIPrincipal *) z:\build\build\src\docshell\base\nsDocShell.cpp:7620
02:41:16     INFO -  GECKO(2656) |     #20 0x7ffeed44f9c0 in nsWebShellWindow::Initialize(class nsIXULWindow *,class nsIXULWindow *,class nsIURI *,int,int,bool,class nsITabParent *,class mozIDOMWindowProxy *,struct nsWidgetInitData &) z:\build\build\src\xpfe\appshell\nsWebShellWindow.cpp:233
02:41:16     INFO -  GECKO(2656) |     #21 0x7ffeed4498a8 in nsAppShellService::JustCreateTopWindow(class nsIXULWindow *,class nsIURI *,unsigned int,int,int,bool,class nsITabParent *,class mozIDOMWindowProxy *,class nsWebShellWindow * *) z:\build\build\src\xpfe\appshell\nsAppShellService.cpp:736
02:41:16     INFO -  GECKO(2656) |     #22 0x7ffeed44ba3c in nsAppShellService::CreateTopLevelWindow(class nsIXULWindow *,class nsIURI *,unsigned int,int,int,class nsITabParent *,class mozIDOMWindowProxy *,class nsIXULWindow * *) z:\build\build\src\xpfe\appshell\nsAppShellService.cpp:200
02:41:16     INFO -  GECKO(2656) |     #23 0x7ffeedd1950f in nsAppStartup::CreateChromeWindow2(class nsIWebBrowserChrome *,unsigned int,class nsITabParent *,class mozIDOMWindowProxy *,unsigned __int64,bool *,class nsIWebBrowserChrome * *) z:\build\build\src\toolkit\components\startup\nsAppStartup.cpp:680
02:41:16     INFO -  GECKO(2656) |     #24 0x7ffeedf05d14 in nsWindowWatcher::CreateChromeWindow(class nsTSubstring<char> const &,class nsIWebBrowserChrome *,unsigned int,class nsITabParent *,class mozIDOMWindowProxy *,unsigned __int64,class nsIWebBrowserChrome * *) z:\build\build\src\toolkit\components\windowwatcher\nsWindowWatcher.cpp:467
02:41:16     INFO -  GECKO(2656) |     #25 0x7ffeedf00aa8 in nsWindowWatcher::OpenWindowInternal(class mozIDOMWindowProxy *,char const *,char const *,char const *,bool,bool,bool,class nsIArray *,bool,bool,class nsIDocShellLoadInfo *,class mozIDOMWindowProxy * *) z:\build\build\src\toolkit\components\windowwatcher\nsWindowWatcher.cpp:938
02:41:16     INFO -  GECKO(2656) |     #26 0x7ffeedefc1c4 in nsWindowWatcher::OpenWindow(class mozIDOMWindowProxy *,char const *,char const *,char const *,class nsISupports *,class mozIDOMWindowProxy * *) z:\build\build\src\toolkit\components\windowwatcher\nsWindowWatcher.cpp:327
02:41:16     INFO -  GECKO(2656) |     #27 0x7ffef0783051 in XPTC__InvokebyIndex z:\build\build\src\xpcom\reflect\xptcall\md\win32\xptcinvoke_asm_x86_64.asm:97
02:41:16     INFO -  GECKO(2656) |     #28 0x7ffee276d7f2 in XPCWrappedNative::CallMethod(class XPCCallContext &,enum XPCWrappedNative::CallMode) z:\build\build\src\js\xpconnect\src\XPCWrappedNative.cpp:1186
02:41:16     INFO -  GECKO(2656) |     #29 0x7ffee2774ab9 in XPC_WN_CallMethod(struct JSContext *,unsigned int,union JS::Value *) z:\build\build\src\js\xpconnect\src\XPCWrappedNativeJSOps.cpp:899
02:41:16     INFO -  GECKO(2656) |     #30 0x7ffeefb27f52 in js::InternalCallOrConstruct(struct JSContext *,class JS::CallArgs const &,enum js::MaybeConstruct) z:\build\build\src\js\src\vm\Interpreter.cpp:471
02:41:16     INFO -  GECKO(2656) |     #31 0x7ffeefb29635 in InternalCall z:\build\build\src\js\src\vm\Interpreter.cpp:520
02:41:16     INFO -  GECKO(2656) |     #32 0x7ffeefb0cc07 in Interpret z:\build\build\src\js\src\vm\Interpreter.cpp:3122
02:41:16     INFO -  GECKO(2656) |     #33 0x7ffeefaf0df0 in js::RunScript(struct JSContext *,class js::RunState &) z:\build\build\src\js\src\vm\Interpreter.cpp:421
02:41:16     INFO -  GECKO(2656) |     #34 0x7ffeefb28554 in js::InternalCallOrConstruct(struct JSContext *,class JS::CallArgs const &,enum js::MaybeConstruct) z:\build\build\src\js\src\vm\Interpreter.cpp:493
02:41:16     INFO -  GECKO(2656) |     #35 0x7ffeefb29635 in InternalCall z:\build\build\src\js\src\vm\Interpreter.cpp:520
02:41:16     INFO -  GECKO(2656) |     #36 0x7ffeefb29866 in js::Call(struct JSContext *,class JS::Handle<union JS::Value>,class JS::Handle<union JS::Value>,class js::AnyInvokeArgs const &,class JS::MutableHandle<union JS::Value>) z:\build\build\src\js\src\vm\Interpreter.cpp:539
02:41:16     INFO -  GECKO(2656) |     #37 0x7ffeee1c8b8b in JS_CallFunctionValue(struct JSContext *,class JS::Handle<class JSObject *>,class JS::Handle<union JS::Value>,class JS::HandleValueArray const &,class JS::MutableHandle<union JS::Value>) z:\build\build\src\js\src\jsapi.cpp:2851
02:41:16     INFO -  GECKO(2656) |     #38 0x7ffee2752e1f in nsXPCWrappedJSClass::CallMethod(class nsXPCWrappedJS *,unsigned short,struct nsXPTMethodInfo const *,struct nsXPTCMiniVariant *) z:\build\build\src\js\xpconnect\src\XPCWrappedJSClass.cpp:1123
02:41:16     INFO -  GECKO(2656) |     #39 0x7ffee2750ab3 in nsXPCWrappedJS::CallMethod(unsigned short,struct nsXPTMethodInfo const *,struct nsXPTCMiniVariant *) z:\build\build\src\js\xpconnect\src\XPCWrappedJS.cpp:611
02:41:16     INFO -  GECKO(2656) |     #40 0x7ffee0c21332 in PrepareAndDispatch z:\build\build\src\xpcom\reflect\xptcall\md\win32\xptcstubs_x86_64.cpp:173
02:41:16     INFO -  GECKO(2656) |     #41 0x7ffef07830a8 in SharedStub z:\build\build\src\xpcom\reflect\xptcall\md\win32\xptcstubs_asm_x86_64.asm:57
02:41:16     INFO -  GECKO(2656) |     #42 0x7ffee0b878f7 in NS_CreateServicesFromCategory(char const *,class nsISupports *,char const *,UNKNOWN const *) z:\build\build\src\xpcom\components\nsCategoryManager.cpp:810
02:41:16     INFO -  GECKO(2656) |     #43 0x7ffeedfe1219 in nsXREDirProvider::DoStartup(void) z:\build\build\src\toolkit\xre\nsXREDirProvider.cpp:999
02:41:16     INFO -  GECKO(2656) |     #44 0x7ffeedfa9f8c in XREMain::XRE_mainRun(void) z:\build\build\src\toolkit\xre\nsAppRunner.cpp:4574
02:41:16     INFO -  GECKO(2656) |     #45 0x7ffeedfb0194 in XREMain::XRE_main(int,char * * const,struct mozilla::BootstrapConfig const &) z:\build\build\src\toolkit\xre\nsAppRunner.cpp:4891
02:41:16     INFO -  GECKO(2656) |     #46 0x7ffeedfb26a0 in XRE_main(int,char * * const,struct mozilla::BootstrapConfig const &) z:\build\build\src\toolkit\xre\nsAppRunner.cpp:4983
02:41:16     INFO -  GECKO(2656) |     #47 0x7ff775ab1e3d  (Z:\task_1529546821\build\application\firefox\firefox.exe+0x140001e3d)
02:41:16     INFO -  GECKO(2656) |     #48 0x7ff775ab1529  (Z:\task_1529546821\build\application\firefox\firefox.exe+0x140001529)
02:41:16     INFO -  GECKO(2656) |     #49 0x7ff775baac87  (Z:\task_1529546821\build\application\firefox\firefox.exe+0x1400fac87)
02:41:16     INFO -  GECKO(2656) |     #50 0x7fff16022773  (C:\Windows\System32\KERNEL32.DLL+0x180012773)
02:41:16     INFO -  GECKO(2656) |     #51 0x7fff16ca0d60  (C:\Windows\SYSTEM32\ntdll.dll+0x180070d60)
02:41:16     INFO -  GECKO(2656) | SUMMARY: AddressSanitizer: heap-use-after-free z:\build\build\src\gfx\cairo\cairo\src\cairo-surface.c:2576 in _cairo_surface_get_extents
02:41:16     INFO -  GECKO(2656) | Shadow bytes around the buggy address:
02:41:16     INFO -  GECKO(2656) |   0x03c5aadb0520: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
02:41:16     INFO -  GECKO(2656) |   0x03c5aadb0530: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
02:41:16     INFO -  GECKO(2656) |   0x03c5aadb0540: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
02:41:16     INFO -  GECKO(2656) |   0x03c5aadb0550: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02
02:41:16     INFO -  GECKO(2656) |   0x03c5aadb0560: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
02:41:16     INFO -  GECKO(2656) | =>0x03c5aadb0570: fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd
02:41:16     INFO -  GECKO(2656) |   0x03c5aadb0580: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
02:41:16     INFO -  GECKO(2656) |   0x03c5aadb0590: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
02:41:16     INFO -  GECKO(2656) |   0x03c5aadb05a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
02:41:16     INFO -  GECKO(2656) |   0x03c5aadb05b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa
02:41:16     INFO -  GECKO(2656) |   0x03c5aadb05c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa

Daniel Veditz [:dveditz]

Updated

•

6 years ago

Group: core-security → gfx-core-security

Daniel Veditz [:dveditz]

Updated

•

6 years ago

Updated

•

6 years ago

Keywords: csectype-uaf, sec-moderate

Ryan VanderMeulen [:RyanVM]

Comment 2

•

6 years ago

Lots of widget code on the stack again. Hopefully we can dupe these all over to bug 1467363 eventually.

Andrew McCreight [:mccr8]

Comment 3

•

2 years ago

Closing some ancient sec-moderate intermittent failures.

Status: NEW → RESOLVED

Closed: 2 years ago

Resolution: --- → WORKSFORME

Daniel Veditz [:dveditz]

Updated

•

2 years ago

Group: gfx-core-security

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Intermitent SUMMARY: AddressSanitizer: heap-use-after-free z:\build\build\src\gfx\cairo\cairo\src\cairo-surface.c:2576 in _cairo_surface_get_extents

Categories

(Core :: Graphics, defect)

Tracking

()

People

(Reporter: noemi_erli, Unassigned)

References

Details

(Keywords: csectype-uaf, intermittent-failure, sec-moderate)

Crash Data

Security

(public)

User Story

Description

Updated

Updated

Updated

Comment 2

Comment 3

Updated