Closed
Bug 1492078
Opened 6 years ago
Closed 6 years ago
AddressSanitizer: heap-use-after-free [@ TakeAndAddModifiedAndFramesWithPropsFromRootFrame] with READ of size 8
Categories
(Core :: Web Painting, defect)
RESOLVED
DUPLICATE
of bug 1492031
People
(Reporter: decoder, Unassigned)
Details
(4 keywords)
Attachments
(1 file)
15.26 KB, text/plain
The attached crash information was submitted via the ASan Nightly Reporter on mozilla-central-asan-nightly revision 64.0a1-20180917220115-https://hg.mozilla.org/mozilla-central/rev/87a95e1b7ec691bef7b938e722fe1b01cce68664.
For detailed crash information, see attachment.
Reporter
Comment 1 • 6 years ago
Reporter
Updated • 6 years ago
Flags: sec-bounty?
Comment 3 • 6 years ago
Matt, maybe you could take a look? Thanks.
Group: core-security → layout-core-security
Component: Layout → Layout: Web Painting
Flags: needinfo?(matt.woodrow)
Keywords: csectype-uaf
Comment 4 • 6 years ago
RyanVM pointed out that there are some existing display list crashes that were fixed by a backout, and this looks like one of them.
Status: NEW → RESOLVED
Closed: 6 years ago
Flags: needinfo?(matt.woodrow)
Resolution: --- → DUPLICATE
Updated • 6 years ago
Flags: sec-bounty? → sec-bounty-
Updated • 6 years ago
status-firefox64: affected → ---
Updated • 2 years ago
Group: layout-core-security
Updated • 9 months ago
Keywords: reporter-external