Crash in GraphWalker<T>::DoWalk

RESOLVED DUPLICATE of bug 500105

Status

defect
--
critical
8 months ago
7 months ago

People

(Reporter: marcia, Unassigned)

Tracking

({crash, regression})

Trunk

Firefox Tracking Flags

(firefox62 wontfix, firefox63 fix-optional, firefox64 fix-optional)


This bug was filed from the Socorro interface and is report bp-abcf9c93-c350-4408-bfc2-56d0e0180906.
=============================================================

Seen while looking at release crash stats (not sure if this is the correct component). There is an old bug associated with this signature - Bug 500105, but while looking at reports I see some in 62 that are possible UAFs: https://bit.ly/2oU6XFK

Facebook and youtube.com are the most common URLs in 62.0.

Top 10 frames of crashing thread:

0 xul.dll GraphWalker<ScanBlackVisitor>::DoWalk xpcom/base/nsCycleCollector.cpp:1518
1 xul.dll GraphWalker<ScanBlackVisitor>::Walk xpcom/base/nsCycleCollector.cpp:1489
2 xul.dll nsCycleCollector::ScanBlackNodes xpcom/base/nsCycleCollector.cpp:3256
3 xul.dll nsCycleCollector::ScanRoots xpcom/base/nsCycleCollector.cpp:3286
4 xul.dll nsCycleCollector::Collect xpcom/base/nsCycleCollector.cpp:3776
5 xul.dll nsCycleCollector_collectSlice xpcom/base/nsCycleCollector.cpp:4343
6 xul.dll nsJSContext::RunCycleCollectorSlice dom/base/nsJSEnvironment.cpp:1546
7 xul.dll static bool ICCRunnerFired dom/base/nsJSEnvironment.cpp:1605
8 xul.dll std::_Func_impl_no_alloc<bool  vs2017_15.6.6/VC/include/functional:16707566
9 xul.dll mozilla::IdleTaskRunner::Run xpcom/threads/IdleTaskRunner.cpp:63

=============================================================
Yeah, any GC or CC crash can result in a UAF. I don't think anything is gained by having a separate hidden bug for this signature.
Group: core-security
Status: NEW → RESOLVED
Last Resolved: 8 months ago
Resolution: --- → DUPLICATE
Duplicate of bug: 500105