Closed
Bug 1475594
Opened 6 years ago
Closed 4 years ago
AddressSanitizer: heap-use-after-free z:\build\build\src\gfx\cairo\cairo\src\cairo-gstate.c:218 in _cairo_gstate_fini
Categories
(Core :: Graphics, defect)
Core
Graphics
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: aryx, Unassigned)
References
Details
(Keywords: csectype-uaf, intermittent-failure, sec-moderate)
We have seen this at least twice with a stack different from bug 1467363. Earlier failure: https://treeherder.mozilla.org/logviewer.html#?job_id=187211349&repo=autoland Today: https://treeherder.mozilla.org/logviewer.html#?job_id=188059922&repo=mozilla-inbound&lineNumber=6254 15:48:46 INFO - 986 INFO TEST-START | toolkit/mozapps/extensions/test/xpinstall/browser_trigger_redirect.js 15:48:47 INFO - GECKO(2204) | 1531496927090 addons.xpi DEBUG Download started for http://example.com/browser/toolkit/mozapps/extensions/test/xpinstall/amosigned.xpi to file C:\Users\task_1531495087\AppData\Local\Temp\tmp-fvl.xpi 15:48:47 INFO - GECKO(2204) | 1531496927092 addons.xpi DEBUG Download of http://example.com/browser/toolkit/mozapps/extensions/test/xpinstall/amosigned.xpi completed. 15:48:47 INFO - GECKO(2204) | 1531496927187 addons.repository DEBUG cacheAddons: enabled false IDs ["amosigned-xpi@tests.mozilla.org"] 15:48:47 INFO - GECKO(2204) | 1531496927333 addons.xpi DEBUG Starting install of amosigned-xpi@tests.mozilla.org from http://example.com/browser/toolkit/mozapps/extensions/test/xpinstall/amosigned.xpi 15:48:47 INFO - GECKO(2204) | ================================================================= 15:48:47 ERROR - GECKO(2204) | ==2204==ERROR: AddressSanitizer: heap-use-after-free on address 0x12e080a7d490 at pc 0x7fff66733bc2 bp 0x00e0cd61d290 sp 0x00e0cd61d2d8 15:48:47 INFO - GECKO(2204) | WRITE of size 8 at 0x12e080a7d490 thread T56 15:48:47 INFO - GECKO(2204) | 1531496927369 addons.xpi DEBUG Addon amosigned-xpi@tests.mozilla.org will be installed as a packed xpi 15:48:47 INFO - GECKO(2204) | 1531496927377 addons.xpi DEBUG Calling bootstrap method shutdown on amosigned-xpi@tests.mozilla.org version 2.1 15:48:47 INFO - GECKO(2204) | #0 0x7fff66733bc1 in _cairo_gstate_fini z:\build\build\src\gfx\cairo\cairo\src\cairo-gstate.c:218 15:48:47 INFO - GECKO(2204) | #1 0x7fff667345e1 in _cairo_gstate_restore z:\build\build\src\gfx\cairo\cairo\src\cairo-gstate.c:290 15:48:47 INFO - GECKO(2204) | #2 0x7fff667e5955 in _moz_cairo_restore z:\build\build\src\gfx\cairo\cairo\src\cairo.c:608 15:48:47 INFO - GECKO(2204) | #3 0x7fff5d6f1430 in mozilla::gfx::`anonymous namespace'::AutoPrepareForDrawing::~AutoPrepareForDrawing z:\build\build\src\gfx\2d\DrawTargetCairo.cpp:85 15:48:47 INFO - GECKO(2204) | #4 0x7fff5d6f8022 in mozilla::gfx::DrawTargetCairo::CopySurface(class mozilla::gfx::SourceSurface *,struct mozilla::gfx::IntRectTyped<struct mozilla::gfx::UnknownUnits> const &,struct mozilla::gfx::IntPointTyped<struct mozilla::gfx::UnknownUnits> const &) z:\build\build\src\gfx\2d\DrawTargetCairo.cpp:1151 15:48:47 INFO - GECKO(2204) | #5 0x7fff5de57497 in mozilla::layers::BasicCompositor::TryToEndRemoteDrawing(bool) z:\build\build\src\gfx\layers\basic\BasicCompositor.cpp:1050 15:48:47 INFO - GECKO(2204) | #6 0x7fff5de697c7 in mozilla::layers::BasicCompositor::EndFrame(void) z:\build\build\src\gfx\layers\basic\BasicCompositor.cpp:1015 15:48:47 INFO - GECKO(2204) | #7 0x7fff5dfbb407 in mozilla::layers::LayerManagerComposite::Render(class mozilla::gfx::IntRegionTyped<struct mozilla::gfx::UnknownUnits> const &,class mozilla::gfx::IntRegionTyped<struct mozilla::gfx::UnknownUnits> const &) z:\build\build\src\gfx\layers\composite\LayerManagerComposite.cpp:995 15:48:47 INFO - GECKO(2204) | #8 0x7fff5dfb7a61 in mozilla::layers::LayerManagerComposite::UpdateAndRender(void) z:\build\build\src\gfx\layers\composite\LayerManagerComposite.cpp:534 15:48:47 INFO - GECKO(2204) | #9 0x7fff5dfb619c in mozilla::layers::LayerManagerComposite::EndTransaction(class mozilla::TimeStamp const &,enum mozilla::layers::LayerManager::EndTransactionFlags) z:\build\build\src\gfx\layers\composite\LayerManagerComposite.cpp:464 15:48:47 INFO - GECKO(2204) | #10 0x7fff5e06675f in mozilla::layers::CompositorBridgeParent::CompositeToTarget(class mozilla::gfx::DrawTarget *,struct mozilla::gfx::IntRectTyped<struct mozilla::gfx::UnknownUnits> const *) z:\build\build\src\gfx\layers\ipc\CompositorBridgeParent.cpp:1068 15:48:47 INFO - GECKO(2204) | #11 0x7fff5e0835c9 in mozilla::layers::CompositorVsyncScheduler::Composite(class mozilla::TimeStamp) z:\build\build\src\gfx\layers\ipc\CompositorVsyncScheduler.cpp:243 15:48:47 INFO - GECKO(2204) | #12 0x7fff5e0b93f1 in mozilla::detail::RunnableMethodImpl<class mozilla::layers::CompositorVsyncScheduler *,void ( mozilla::layers::CompositorVsyncScheduler::*)(class mozilla::TimeStamp),1,1,class mozilla::TimeStamp>::Run(void) z:\build\build\src\obj-firefox\dist\include\nsThreadUtils.h:1217 15:48:47 INFO - GECKO(2204) | #13 0x7fff5c1dc183 in ?DeferOrRunPendingTask@MessageLoop@@IEAA_N$$QEAUPendingTask@1@@Z z:\build\build\src\ipc\chromium\src\base\message_loop.cc:459 15:48:47 INFO - GECKO(2204) | #14 0x7fff5c1dd96e in MessageLoop::DoWork(void) z:\build\build\src\ipc\chromium\src\base\message_loop.cc:534 15:48:47 INFO - GECKO(2204) | #15 0x7fff5c1adf22 in base::MessagePumpForUI::DoRunLoop(void) z:\build\build\src\ipc\chromium\src\base\message_pump_win.cc:210 15:48:47 INFO - GECKO(2204) | #16 0x7fff5c1b0379 in base::MessagePumpWin::Run(class base::MessagePump::Delegate *) z:\build\build\src\ipc\chromium\src\base\message_pump_win.h:80 15:48:47 INFO - GECKO(2204) | #17 0x7fff5c1daf2e in MessageLoop::RunHandler(void) z:\build\build\src\ipc\chromium\src\base\message_loop.cc:318 15:48:47 INFO - GECKO(2204) | #18 0x7fff5c1eb725 in base::Thread::ThreadMain(void) z:\build\build\src\ipc\chromium\src\base\thread.cc:181 15:48:47 INFO - GECKO(2204) | #19 0x7fff5c1b1d8f in `anonymous namespace'::ThreadFunc z:\build\build\src\ipc\chromium\src\base\platform_thread_win.cc:28 15:48:47 INFO - GECKO(2204) | #20 0x7fff79f5dca8 (Z:\task_1531495087\build\application\firefox\clang_rt.asan_dynamic-x86_64.dll+0x18003dca8) 15:48:47 INFO - GECKO(2204) | #21 0x7fff972a2773 (C:\Windows\System32\KERNEL32.DLL+0x180012773) 15:48:47 INFO - GECKO(2204) | #22 0x7fff7ee975c3 in patched_BaseThreadInitThunk z:\build\build\src\mozglue\build\WindowsDllBlocklist.cpp:670 15:48:47 INFO - GECKO(2204) | #23 0x7fff97500d60 (C:\Windows\SYSTEM32\ntdll.dll+0x180070d60) 15:48:47 INFO - GECKO(2204) | 0x12e080a7d490 is located 272 bytes inside of 1424-byte region [0x12e080a7d380,0x12e080a7d910) 15:48:47 INFO - GECKO(2204) | freed by thread T0 here: 15:48:47 INFO - GECKO(2204) | #0 0x7fff79f537a0 (Z:\task_1531495087\build\application\firefox\clang_rt.asan_dynamic-x86_64.dll+0x1800337a0) 15:48:47 INFO - GECKO(2204) | #1 0x7fff667e56a3 in _moz_cairo_destroy z:\build\build\src\gfx\cairo\cairo\src\cairo.c:485 15:48:47 INFO - GECKO(2204) | #2 0x7fff5d6eda85 in mozilla::gfx::DrawTargetCairo::~DrawTargetCairo(void) z:\build\build\src\gfx\2d\DrawTargetCairo.cpp:615 15:48:47 INFO - GECKO(2204) | #3 0x7fff5d78c5ff in mozilla::gfx::DrawTargetCairo::`scalar deleting destructor'(unsigned int) z:\build\build\src\gfx\2d\DrawTargetCairo.cpp:614 15:48:47 INFO - GECKO(2204) | #4 0x7fff643fbcc3 in mozilla::widget::WinCompositorWidget::ClearTransparentWindow(void) z:\build\build\src\widget\windows\WinCompositorWidget.cpp:312 15:48:47 INFO - GECKO(2204) | #5 0x7fff645589ed in nsWindow::Show(bool) z:\build\build\src\widget\windows\nsWindow.cpp:1638 15:48:47 INFO - GECKO(2204) | #6 0x7fff64260c11 in nsView::DoResetWidgetBounds(bool,bool) z:\build\build\src\view\nsView.cpp:342 15:48:47 INFO - GECKO(2204) | #7 0x7fff6426e8d7 in nsViewManager::ProcessPendingUpdatesForView(class nsView *,bool) z:\build\build\src\view\nsViewManager.cpp:399 15:48:47 INFO - GECKO(2204) | #8 0x7fff64276d66 in nsViewManager::UpdateWidgetGeometry(void) z:\build\build\src\view\nsViewManager.cpp:1117 15:48:47 INFO - GECKO(2204) | #9 0x7fff64b34392 in mozilla::PresShell::DoFlushPendingNotifications(struct mozilla::ChangesToFlush) z:\build\build\src\layout\base\PresShell.cpp:4353 15:48:47 INFO - GECKO(2204) | #10 0x7fff64aaff15 in nsRefreshDriver::Tick(class mozilla::TimeStamp) z:\build\build\src\layout\base\nsRefreshDriver.cpp:1928 15:48:47 INFO - GECKO(2204) | #11 0x7fff64ac34ed in mozilla::RefreshDriverTimer::TickRefreshDrivers(class mozilla::TimeStamp,class nsTArray<class RefPtr<class nsRefreshDriver> > &) z:\build\build\src\layout\base\nsRefreshDriver.cpp:299 15:48:47 INFO - GECKO(2204) | #12 0x7fff64ac317e in mozilla::RefreshDriverTimer::Tick(class mozilla::TimeStamp) z:\build\build\src\layout\base\nsRefreshDriver.cpp:317 15:48:47 INFO - GECKO(2204) | #13 0x7fff64ac6862 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver(class mozilla::TimeStamp) z:\build\build\src\layout\base\nsRefreshDriver.cpp:671 15:48:47 INFO - GECKO(2204) | #14 0x7fff64ac6deb in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::ParentProcessVsyncNotifier::Run(void) z:\build\build\src\layout\base\nsRefreshDriver.cpp:512 15:48:47 INFO - GECKO(2204) | #15 0x7fff5b2252e7 in nsThread::ProcessNextEvent(bool,bool *) z:\build\build\src\xpcom\threads\nsThread.cpp:1051 15:48:47 INFO - GECKO(2204) | #16 0x7fff5b22d76e in NS_ProcessNextEvent(class nsIThread *,bool) z:\build\build\src\xpcom\threads\nsThreadUtils.cpp:519 15:48:47 INFO - GECKO(2204) | #17 0x7fff5c278469 in mozilla::ipc::MessagePump::Run(class base::MessagePump::Delegate *) z:\build\build\src\ipc\glue\MessagePump.cpp:97 15:48:47 INFO - GECKO(2204) | #18 0x7fff5c1daf2e in MessageLoop::RunHandler(void) z:\build\build\src\ipc\chromium\src\base\message_loop.cc:318 15:48:47 INFO - GECKO(2204) | #19 0x7fff5c1dacb6 in MessageLoop::Run(void) z:\build\build\src\ipc\chromium\src\base\message_loop.cc:298 15:48:47 INFO - GECKO(2204) | #20 0x7fff64351dea in nsBaseAppShell::Run(void) z:\build\build\src\widget\nsBaseAppShell.cpp:158 15:48:47 INFO - GECKO(2204) | #21 0x7fff644dd8f7 in nsAppShell::Run(void) z:\build\build\src\widget\windows\nsAppShell.cpp:415 15:48:47 INFO - GECKO(2204) | #22 0x7fff686c357e in nsAppStartup::Run(void) z:\build\build\src\toolkit\components\startup\nsAppStartup.cpp:290 15:48:47 INFO - GECKO(2204) | #23 0x7fff689594a8 in XREMain::XRE_mainRun(void) z:\build\build\src\toolkit\xre\nsAppRunner.cpp:4761 15:48:47 INFO - GECKO(2204) | #24 0x7fff6895ecc4 in XREMain::XRE_main(int,char * * const,struct mozilla::BootstrapConfig const &) z:\build\build\src\toolkit\xre\nsAppRunner.cpp:4906 15:48:47 INFO - GECKO(2204) | #25 0x7fff689611d0 in XRE_main(int,char * * const,struct mozilla::BootstrapConfig const &) z:\build\build\src\toolkit\xre\nsAppRunner.cpp:4998 15:48:47 INFO - GECKO(2204) | #26 0x7ff620b61e3d (Z:\task_1531495087\build\application\firefox\firefox.exe+0x140001e3d) 15:48:47 INFO - GECKO(2204) | #27 0x7ff620b61529 (Z:\task_1531495087\build\application\firefox\firefox.exe+0x140001529) 15:48:47 INFO - GECKO(2204) | #28 0x7ff620c5b5a7 (Z:\task_1531495087\build\application\firefox\firefox.exe+0x1400fb5a7) 15:48:47 INFO - GECKO(2204) | #29 0x7fff972a2773 (C:\Windows\System32\KERNEL32.DLL+0x180012773) 15:48:47 INFO - GECKO(2204) | previously allocated by thread T0 here: 15:48:47 INFO - GECKO(2204) | #0 0x7fff79f53890 (Z:\task_1531495087\build\application\firefox\clang_rt.asan_dynamic-x86_64.dll+0x180033890) 15:48:47 INFO - GECKO(2204) | #1 0x7fff667e4db3 in _moz_cairo_create z:\build\build\src\gfx\cairo\cairo\src\cairo.c:384 15:48:47 INFO - GECKO(2204) | #2 0x7fff5d704d6e in mozilla::gfx::DrawTargetCairo::InitAlreadyReferenced(struct _cairo_surface *,struct mozilla::gfx::IntSizeTyped<struct mozilla::gfx::UnknownUnits> const &,enum mozilla::gfx::SurfaceFormat *) z:\build\build\src\gfx\2d\DrawTargetCairo.cpp:1919 15:48:47 INFO - GECKO(2204) | #3 0x7fff5d62f8b5 in mozilla::gfx::Factory::CreateDrawTargetForCairoSurface(struct _cairo_surface *,struct mozilla::gfx::IntSizeTyped<struct mozilla::gfx::UnknownUnits> const &,enum mozilla::gfx::SurfaceFormat *) z:\build\build\src\gfx\2d\Factory.cpp:1021 15:48:47 INFO - GECKO(2204) | #4 0x7fff5e17064c in gfxPlatform::CreateDrawTargetForSurface(class gfxASurface *,struct mozilla::gfx::IntSizeTyped<struct mozilla::gfx::UnknownUnits> const &) z:\build\build\src\gfx\thebes\gfxPlatform.cpp:1149 15:48:47 INFO - GECKO(2204) | #5 0x7fff643fb97b in mozilla::widget::WinCompositorWidget::ClearTransparentWindow(void) z:\build\build\src\widget\windows\WinCompositorWidget.cpp:305 15:48:47 INFO - GECKO(2204) | #6 0x7fff645589ed in nsWindow::Show(bool) z:\build\build\src\widget\windows\nsWindow.cpp:1638 15:48:47 INFO - GECKO(2204) | #7 0x7fff64260c11 in nsView::DoResetWidgetBounds(bool,bool) z:\build\build\src\view\nsView.cpp:342 15:48:47 INFO - GECKO(2204) | #8 0x7fff6426e8d7 in nsViewManager::ProcessPendingUpdatesForView(class nsView *,bool) z:\build\build\src\view\nsViewManager.cpp:399 15:48:47 INFO - GECKO(2204) | #9 0x7fff64276d66 in nsViewManager::UpdateWidgetGeometry(void) z:\build\build\src\view\nsViewManager.cpp:1117 15:48:47 INFO - GECKO(2204) | #10 0x7fff64b34392 in mozilla::PresShell::DoFlushPendingNotifications(struct mozilla::ChangesToFlush) z:\build\build\src\layout\base\PresShell.cpp:4353 15:48:47 INFO - GECKO(2204) | #11 0x7fff64aaff15 in nsRefreshDriver::Tick(class mozilla::TimeStamp) z:\build\build\src\layout\base\nsRefreshDriver.cpp:1928 15:48:47 INFO - GECKO(2204) | #12 0x7fff64ac34ed in mozilla::RefreshDriverTimer::TickRefreshDrivers(class mozilla::TimeStamp,class nsTArray<class RefPtr<class nsRefreshDriver> > &) z:\build\build\src\layout\base\nsRefreshDriver.cpp:299 15:48:47 INFO - GECKO(2204) | #13 0x7fff64ac317e in mozilla::RefreshDriverTimer::Tick(class mozilla::TimeStamp) z:\build\build\src\layout\base\nsRefreshDriver.cpp:317 15:48:47 INFO - GECKO(2204) | #14 0x7fff64ac6862 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver(class mozilla::TimeStamp) z:\build\build\src\layout\base\nsRefreshDriver.cpp:671 15:48:47 INFO - GECKO(2204) | #15 0x7fff64ac6deb in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::ParentProcessVsyncNotifier::Run(void) z:\build\build\src\layout\base\nsRefreshDriver.cpp:512 15:48:47 INFO - GECKO(2204) | #16 0x7fff5b2252e7 in nsThread::ProcessNextEvent(bool,bool *) z:\build\build\src\xpcom\threads\nsThread.cpp:1051 15:48:47 INFO - GECKO(2204) | #17 0x7fff5b22d76e in NS_ProcessNextEvent(class nsIThread *,bool) z:\build\build\src\xpcom\threads\nsThreadUtils.cpp:519 15:48:47 INFO - GECKO(2204) | #18 0x7fff5c278469 in mozilla::ipc::MessagePump::Run(class base::MessagePump::Delegate *) z:\build\build\src\ipc\glue\MessagePump.cpp:97 15:48:47 INFO - GECKO(2204) | #19 0x7fff5c1daf2e in MessageLoop::RunHandler(void) z:\build\build\src\ipc\chromium\src\base\message_loop.cc:318 15:48:47 INFO - GECKO(2204) | #20 0x7fff5c1dacb6 in MessageLoop::Run(void) z:\build\build\src\ipc\chromium\src\base\message_loop.cc:298 15:48:47 INFO - GECKO(2204) | #21 0x7fff64351dea in nsBaseAppShell::Run(void) z:\build\build\src\widget\nsBaseAppShell.cpp:158 15:48:47 INFO - GECKO(2204) | #22 0x7fff644dd8f7 in nsAppShell::Run(void) z:\build\build\src\widget\windows\nsAppShell.cpp:415 15:48:47 INFO - GECKO(2204) | #23 0x7fff686c357e in nsAppStartup::Run(void) z:\build\build\src\toolkit\components\startup\nsAppStartup.cpp:290 15:48:47 INFO - GECKO(2204) | #24 0x7fff689594a8 in XREMain::XRE_mainRun(void) z:\build\build\src\toolkit\xre\nsAppRunner.cpp:4761 15:48:47 INFO - GECKO(2204) | #25 0x7fff6895ecc4 in XREMain::XRE_main(int,char * * const,struct mozilla::BootstrapConfig const &) z:\build\build\src\toolkit\xre\nsAppRunner.cpp:4906 15:48:47 INFO - GECKO(2204) | #26 0x7fff689611d0 in XRE_main(int,char * * const,struct mozilla::BootstrapConfig const &) z:\build\build\src\toolkit\xre\nsAppRunner.cpp:4998 15:48:47 INFO - GECKO(2204) | #27 0x7ff620b61e3d (Z:\task_1531495087\build\application\firefox\firefox.exe+0x140001e3d) 15:48:47 INFO - GECKO(2204) | #28 0x7ff620b61529 (Z:\task_1531495087\build\application\firefox\firefox.exe+0x140001529) 15:48:47 INFO - GECKO(2204) | #29 0x7ff620c5b5a7 (Z:\task_1531495087\build\application\firefox\firefox.exe+0x1400fb5a7) 15:48:47 INFO - GECKO(2204) | Thread T56 created by T0 here: 15:48:47 INFO - GECKO(2204) | #0 0x7fff79f5edf0 (Z:\task_1531495087\build\application\firefox\clang_rt.asan_dynamic-x86_64.dll+0x18003edf0) 15:48:47 INFO - GECKO(2204) | #1 0x7fff5c1b1d2f in PlatformThread::Create(unsigned __int64,class PlatformThread::Delegate *,void * *) z:\build\build\src\ipc\chromium\src\base\platform_thread_win.cc:86 15:48:47 INFO - GECKO(2204) | #2 0x7fff5c1eafdc in base::Thread::StartWithOptions(struct base::Thread::Options const &) z:\build\build\src\ipc\chromium\src\base\thread.cc:99 15:48:47 INFO - GECKO(2204) | #3 0x7fff5e081b3c in mozilla::layers::CompositorThreadHolder::CompositorThreadHolder(void) z:\build\build\src\gfx\layers\ipc\CompositorThread.cpp:53 15:48:47 INFO - GECKO(2204) | #4 0x7fff5e081f20 in mozilla::layers::CompositorThreadHolder::Start(void) z:\build\build\src\gfx\layers\ipc\CompositorThread.cpp:124 15:48:47 INFO - GECKO(2204) | #5 0x7fff5e16d339 in gfxPlatform::InitLayersIPC(void) z:\build\build\src\gfx\thebes\gfxPlatform.cpp:1069 15:48:47 INFO - GECKO(2204) | #6 0x7fff5e1672cf in gfxPlatform::Init(void) z:\build\build\src\gfx\thebes\gfxPlatform.cpp:778 15:48:47 INFO - GECKO(2204) | #7 0x7fff5e164333 in gfxPlatform::GetPlatform(void) z:\build\build\src\gfx\thebes\gfxPlatform.cpp:535 15:48:47 INFO - GECKO(2204) | #8 0x7fff64aa6cbc in nsRefreshDriver::ChooseTimer(void)const z:\build\build\src\layout\base\nsRefreshDriver.cpp:1100 15:48:47 INFO - GECKO(2204) | #9 0x7fff64aaa91b in nsRefreshDriver::EnsureTimerStarted(enum nsRefreshDriver::EnsureTimerStartedFlags) z:\build\build\src\layout\base\nsRefreshDriver.cpp:1356 15:48:47 INFO - GECKO(2204) | #10 0x7fff64b14bb6 in nsRefreshDriver::AddStyleFlushObserver(class nsIPresShell *) z:\build\build\src\layout\base\nsRefreshDriver.h:201 15:48:47 INFO - GECKO(2204) | #11 0x7fff64cf1714 in nsPresContext::CompatibilityModeChanged(void) z:\build\build\src\layout\base\nsPresContext.cpp:1179 15:48:47 INFO - GECKO(2204) | #12 0x7fff64b0e484 in mozilla::PresShell::Init(class nsIDocument *,class nsPresContext *,class nsViewManager *,class mozilla::UniquePtr<class mozilla::ServoStyleSet,class mozilla::DefaultDelete<class mozilla::ServoStyleSet> >) z:\build\build\src\layout\base\PresShell.cpp:955 15:48:47 INFO - GECKO(2204) | #13 0x7fff5ebe36c1 in nsIDocument::CreateShell(class nsPresContext *,class nsViewManager *,class mozilla::UniquePtr<class mozilla::ServoStyleSet,class mozilla::DefaultDelete<class mozilla::ServoStyleSet> >) z:\build\build\src\dom\base\nsDocument.cpp:3758 15:48:47 INFO - GECKO(2204) | #14 0x7fff64c3224f in nsDocumentViewer::InitPresentationStuff(bool) z:\build\build\src\layout\base\nsDocumentViewer.cpp:797 15:48:47 INFO - GECKO(2204) | #15 0x7fff64c3159d in nsDocumentViewer::InitInternal(class nsIWidget *,class nsISupports *,struct mozilla::gfx::IntRectTyped<struct mozilla::gfx::UnknownUnits> const &,bool,bool,bool) z:\build\build\src\layout\base\nsDocumentViewer.cpp:1047 15:48:47 INFO - GECKO(2204) | #16 0x7fff64c30740 in nsDocumentViewer::Init(class nsIWidget *,struct mozilla::gfx::IntRectTyped<struct mozilla::gfx::UnknownUnits> const &) z:\build\build\src\layout\base\nsDocumentViewer.cpp:772 15:48:47 INFO - GECKO(2204) | #17 0x7fff67d5bc87 in nsDocShell::SetupNewViewer(class nsIContentViewer *) z:\build\build\src\docshell\base\nsDocShell.cpp:8845 15:48:47 INFO - GECKO(2204) | #18 0x7fff67d5a682 in nsDocShell::Embed(class nsIContentViewer *,char const *,class nsISupports *) z:\build\build\src\docshell\base\nsDocShell.cpp:6655 15:48:47 INFO - GECKO(2204) | #19 0x7fff67d6b8aa in nsDocShell::CreateAboutBlankContentViewer(class nsIPrincipal *,class nsIURI *,bool,bool) z:\build\build\src\docshell\base\nsDocShell.cpp:7534 15:48:47 INFO - GECKO(2204) | #20 0x7fff67d6cf7a in nsDocShell::CreateAboutBlankContentViewer(class nsIPrincipal *) z:\build\build\src\docshell\base\nsDocShell.cpp:7559 15:48:47 INFO - GECKO(2204) | #21 0x7fff67dfc1f0 in nsWebShellWindow::Initialize(class nsIXULWindow *,class nsIXULWindow *,class nsIURI *,int,int,bool,class nsITabParent *,class mozIDOMWindowProxy *,struct nsWidgetInitData &) z:\build\build\src\xpfe\appshell\nsWebShellWindow.cpp:233 15:48:47 INFO - GECKO(2204) | #22 0x7fff67df6078 in nsAppShellService::JustCreateTopWindow(class nsIXULWindow *,class nsIURI *,unsigned int,int,int,bool,class nsITabParent *,class mozIDOMWindowProxy *,class nsWebShellWindow * *) z:\build\build\src\xpfe\appshell\nsAppShellService.cpp:742 15:48:47 INFO - GECKO(2204) | #23 0x7fff67df82ac in nsAppShellService::CreateTopLevelWindow(class nsIXULWindow *,class nsIURI *,unsigned int,int,int,class nsITabParent *,class mozIDOMWindowProxy *,class nsIXULWindow * *) z:\build\build\src\xpfe\appshell\nsAppShellService.cpp:200 15:48:47 INFO - GECKO(2204) | #24 0x7fff686c5e7f in nsAppStartup::CreateChromeWindow2(class nsIWebBrowserChrome *,unsigned int,class nsITabParent *,class mozIDOMWindowProxy *,unsigned __int64,bool *,class nsIWebBrowserChrome * *) z:\build\build\src\toolkit\components\startup\nsAppStartup.cpp:680 15:48:47 INFO - GECKO(2204) | #25 0x7fff688b3a64 in nsWindowWatcher::CreateChromeWindow(class nsTSubstring<char> const &,class nsIWebBrowserChrome *,unsigned int,class nsITabParent *,class mozIDOMWindowProxy *,unsigned __int64,class nsIWebBrowserChrome * *) z:\build\build\src\toolkit\components\windowwatcher\nsWindowWatcher.cpp:467 15:48:47 INFO - GECKO(2204) | #26 0x7fff688acc06 in nsWindowWatcher::OpenWindowInternal(class mozIDOMWindowProxy *,char const *,char const *,char const *,bool,bool,bool,class nsIArray *,bool,bool,class nsDocShellLoadInfo *,class mozIDOMWindowProxy * *) z:\build\build\src\toolkit\components\windowwatcher\nsWindowWatcher.cpp:938 15:48:47 INFO - GECKO(2204) | #27 0x7fff688aa0c4 in nsWindowWatcher::OpenWindow(class mozIDOMWindowProxy *,char const *,char const *,char const *,class nsISupports *,class mozIDOMWindowProxy * *) z:\build\build\src\toolkit\components\windowwatcher\nsWindowWatcher.cpp:327 15:48:48 INFO - GECKO(2204) | #28 0x7fff6b09bd91 in XPTC__InvokebyIndex (Z:\task_1531495087\build\application\firefox\xul.dll+0x19011bd91) 15:48:48 INFO - GECKO(2204) | #29 0x7fff5ce3eba1 in XPCWrappedNative::CallMethod(class XPCCallContext &,enum XPCWrappedNative::CallMode) z:\build\build\src\js\xpconnect\src\XPCWrappedNative.cpp:1186 15:48:48 INFO - GECKO(2204) | #30 0x7fff5ce45db9 in XPC_WN_CallMethod(struct JSContext *,unsigned int,union JS::Value *) z:\build\build\src\js\xpconnect\src\XPCWrappedNativeJSOps.cpp:893 15:48:48 INFO - GECKO(2204) | #31 0x7fff6a4c02fd in js::InternalCallOrConstruct(struct JSContext *,class JS::CallArgs const &,enum js::MaybeConstruct) z:\build\build\src\js\src\vm\Interpreter.cpp:532 15:48:48 INFO - GECKO(2204) | #32 0x7fff6a4c2485 in InternalCall z:\build\build\src\js\src\vm\Interpreter.cpp:583 15:48:48 INFO - GECKO(2204) | #33 0x7fff6a4a4623 in Interpret z:\build\build\src\js\src\vm\Interpreter.cpp:3237 15:48:48 INFO - GECKO(2204) | #34 0x7fff6a4886a0 in js::RunScript(struct JSContext *,class js::RunState &) z:\build\build\src\js\src\vm\Interpreter.cpp:424 15:48:48 INFO - GECKO(2204) | #35 0x7fff6a4c09c7 in js::InternalCallOrConstruct(struct JSContext *,class JS::CallArgs const &,enum js::MaybeConstruct) z:\build\build\src\js\src\vm\Interpreter.cpp:556 15:48:48 INFO - GECKO(2204) | #36 0x7fff6a4c2485 in InternalCall z:\build\build\src\js\src\vm\Interpreter.cpp:583 15:48:48 INFO - GECKO(2204) | #37 0x7fff6a4c26b6 in js::Call(struct JSContext *,class JS::Handle<union JS::Value>,class JS::Handle<union JS::Value>,class js::AnyInvokeArgs const &,class JS::MutableHandle<union JS::Value>) z:\build\build\src\js\src\vm\Interpreter.cpp:602 15:48:48 INFO - GECKO(2204) | #38 0x7fff68c1567b in JS_CallFunctionValue(struct JSContext *,class JS::Handle<class JSObject *>,class JS::Handle<union JS::Value>,class JS::HandleValueArray const &,class JS::MutableHandle<union JS::Value>) z:\build\build\src\js\src\jsapi.cpp:2828 15:48:48 INFO - GECKO(2204) | #39 0x7fff5ce24181 in nsXPCWrappedJSClass::CallMethod(class nsXPCWrappedJS *,unsigned short,struct nsXPTMethodInfo const *,struct nsXPTCMiniVariant *) z:\build\build\src\js\xpconnect\src\XPCWrappedJSClass.cpp:1123 15:48:48 INFO - GECKO(2204) | #40 0x7fff5ce21e13 in nsXPCWrappedJS::CallMethod(unsigned short,struct nsXPTMethodInfo const *,struct nsXPTCMiniVariant *) z:\build\build\src\js\xpconnect\src\XPCWrappedJS.cpp:611 15:48:48 INFO - GECKO(2204) | #41 0x7fff5b25b0b2 in PrepareAndDispatch z:\build\build\src\xpcom\reflect\xptcall\md\win32\xptcstubs_x86_64.cpp:173 15:48:48 INFO - GECKO(2204) | #42 0x7fff6b09bde8 in SharedStub (Z:\task_1531495087\build\application\firefox\xul.dll+0x19011bde8) 15:48:48 INFO - GECKO(2204) | #43 0x7fff5b1c90a7 in NS_CreateServicesFromCategory(char const *,class nsISupports *,char const *,UNKNOWN const *) z:\build\build\src\xpcom\components\nsCategoryManager.cpp:810 15:48:48 INFO - GECKO(2204) | #44 0x7fff68990049 in nsXREDirProvider::DoStartup(void) z:\build\build\src\toolkit\xre\nsXREDirProvider.cpp:999 15:48:48 INFO - GECKO(2204) | #45 0x7fff689589ae in XREMain::XRE_mainRun(void) z:\build\build\src\toolkit\xre\nsAppRunner.cpp:4589 15:48:48 INFO - GECKO(2204) | #46 0x7fff6895ecc4 in XREMain::XRE_main(int,char * * const,struct mozilla::BootstrapConfig const &) z:\build\build\src\toolkit\xre\nsAppRunner.cpp:4906 15:48:48 INFO - GECKO(2204) | #47 0x7fff689611d0 in XRE_main(int,char * * const,struct mozilla::BootstrapConfig const &) z:\build\build\src\toolkit\xre\nsAppRunner.cpp:4998 15:48:48 INFO - GECKO(2204) | #48 0x7ff620b61e3d (Z:\task_1531495087\build\application\firefox\firefox.exe+0x140001e3d) 15:48:48 INFO - GECKO(2204) | #49 0x7ff620b61529 (Z:\task_1531495087\build\application\firefox\firefox.exe+0x140001529) 15:48:48 INFO - GECKO(2204) | #50 0x7ff620c5b5a7 (Z:\task_1531495087\build\application\firefox\firefox.exe+0x1400fb5a7) 15:48:48 INFO - GECKO(2204) | #51 0x7fff972a2773 (C:\Windows\System32\KERNEL32.DLL+0x180012773) 15:48:48 INFO - GECKO(2204) | #52 0x7fff97500d60 (C:\Windows\SYSTEM32\ntdll.dll+0x180070d60) 15:48:48 INFO - GECKO(2204) | SUMMARY: AddressSanitizer: heap-use-after-free z:\build\build\src\gfx\cairo\cairo\src\cairo-gstate.c:218 in _cairo_gstate_fini 15:48:48 INFO - GECKO(2204) | Shadow bytes around the buggy address: 15:48:48 INFO - GECKO(2204) | 0x0506908cfa40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 15:48:48 INFO - GECKO(2204) | 0x0506908cfa50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 15:48:48 INFO - GECKO(2204) | 0x0506908cfa60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 15:48:48 INFO - GECKO(2204) | 0x0506908cfa70: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 15:48:48 INFO - GECKO(2204) | 0x0506908cfa80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 15:48:48 INFO - GECKO(2204) | =>0x0506908cfa90: fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd 15:48:48 INFO - GECKO(2204) | 0x0506908cfaa0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 15:48:48 INFO - GECKO(2204) | 0x0506908cfab0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 15:48:48 INFO - GECKO(2204) | 0x0506908cfac0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 15:48:48 INFO - GECKO(2204) | 0x0506908cfad0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 15:48:48 INFO - GECKO(2204) | 0x0506908cfae0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 15:48:48 INFO - GECKO(2204) | Shadow byte legend (one shadow byte represents 8 application bytes): 15:48:48 INFO - GECKO(2204) | Addressable: 00 15:48:48 INFO - GECKO(2204) | Partially addressable: 01 02 03 04 05 06 07 15:48:48 INFO - GECKO(2204) | Heap left redzone: fa 15:48:48 INFO - GECKO(2204) | Freed heap region: fd 15:48:48 INFO - GECKO(2204) | Stack left redzone: f1 15:48:48 INFO - GECKO(2204) | Stack mid redzone: f2 15:48:48 INFO - GECKO(2204) | Stack right redzone: f3 15:48:48 INFO - GECKO(2204) | Stack after return: f5 15:48:48 INFO - GECKO(2204) | Stack use after scope: f8 15:48:48 INFO - GECKO(2204) | Global redzone: f9 15:48:48 INFO - GECKO(2204) | Global init order: f6 15:48:48 INFO - GECKO(2204) | Poisoned by user: f7 15:48:48 INFO - GECKO(2204) | Container overflow: fc 15:48:48 INFO - GECKO(2204) | Array cookie: ac 15:48:48 INFO - GECKO(2204) | Intra object redzone: bb 15:48:48 INFO - GECKO(2204) | ASan internal: fe 15:48:48 INFO - GECKO(2204) | Left alloca redzone: ca 15:48:48 INFO - GECKO(2204) | Right alloca redzone: cb 15:48:48 INFO - GECKO(2204) | Shadow gap: cc 15:48:48 INFO - GECKO(2204) | ==2204==ABORTING
|
||
Comment 1•6 years ago
|
||
Calling it sec-moderate for the same reason as bug 1467363.
Keywords: sec-moderate
|
||
Comment 4•4 years ago
|
||
No longer occurring.
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → WORKSFORME
|
|
||
Updated•2 years ago
|
Group: gfx-core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•