Closed
Bug 1492392
Opened 5 years ago
Closed 5 years ago
Crash in arena_dalloc | mozilla::dom::WorkerCSPEventListener::Release
Categories
(Core :: DOM: Security, defect, P1)
Tracking
()
RESOLVED
DUPLICATE
of bug 1493629
| Tracking | Status | |
|---|---|---|
| firefox-esr60 | --- | unaffected |
| firefox62 | --- | unaffected |
| firefox63 | --- | unaffected |
| firefox64 | --- | fixed |
People
(Reporter: calixte, Assigned: baku)
References
(Blocks 1 open bug)
Details
(4 keywords, Whiteboard: [domsecurity-active])
Crash Data
This bug was filed from the Socorro interface and is report bp-da936653-f44b-4c27-afcb-2be740180919. ============================================================= Top 10 frames of crashing thread: 0 mozglue.dll static void arena_dalloc memory/build/mozjemalloc.cpp:3527 1 xul.dll mozilla::dom::WorkerCSPEventListener::Release dom/workers/WorkerCSPEventListener.cpp:51 2 xul.dll mozilla::net::InterceptedHttpChannel::SetReleaseHandle netwerk/protocol/http/InterceptedHttpChannel.cpp:1036 3 xul.dll bool mozilla::dom::WorkerPrivate::EnsureCSPEventListener dom/workers/WorkerPrivate.cpp:3454 4 xul.dll ?WorkerRun@CompileScriptRunnable@?A0x30C6BC27@dom@mozilla@@EEAA_NPEAUJSContext@@PEAVWorkerPrivate@23@@Z$37675862552aedd537fb67d4bee880bd dom/workers/WorkerPrivate.cpp:361 5 xul.dll mozilla::dom::WorkerRunnable::Run dom/workers/WorkerRunnable.cpp:380 6 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:1161 7 xul.dll NS_ProcessNextEvent xpcom/threads/nsThreadUtils.cpp:519 8 xul.dll mozilla::dom::WorkerPrivate::DoRunLoop dom/workers/WorkerPrivate.cpp:3300 9 xul.dll ?Run@WorkerThreadPrimaryRunnable@?A0x8B636B8F@workerinternals@dom@mozilla@@EEAA?AW4nsresult@@XZ$d11c0b53d5c0641183c27c17523f40b2 dom/workers/RuntimeService.cpp:2759 ============================================================= There is 1 crash in nightly 64 with buildid 20180918075510. In analyzing the backtrace, the regression may have been introduced by patch [1] to fix bug 1490165. [1] https://hg.mozilla.org/mozilla-central/rev?node=cc8df9e94e81
Flags: needinfo?(amarchesini)
|
||
Comment 1•5 years ago
|
||
Marking as s-s for now. I think baku is on it already.
Group: dom-core-security
|
||
Comment 2•5 years ago
|
||
These crashes are all hitting this release assert: MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?)
Keywords: csectype-uaf,
sec-high
|
||
Updated•5 years ago
|
Assignee: nobody → amarchesini
Priority: -- → P1
Whiteboard: [domsecurity-active]
|
Assignee | |
Comment 3•5 years ago
|
||
This is a dup of 1493629.
Status: NEW → RESOLVED
Closed: 5 years ago
Flags: needinfo?(amarchesini)
Resolution: --- → DUPLICATE
|
|
||
Updated•4 years ago
|
Group: dom-core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•