Closed Bug 1492392 Opened Last year Closed Last year

Crash in arena_dalloc | mozilla::dom::WorkerCSPEventListener::Release

Categories

(Core :: DOM: Security, defect, P1, critical)

64 Branch
Unspecified
Windows 8
defect

Tracking

()

RESOLVED DUPLICATE of bug 1493629
Tracking Status
firefox-esr60 --- unaffected
firefox62 --- unaffected
firefox63 --- unaffected
firefox64 --- fixed

People

(Reporter: calixte, Assigned: baku)

References

(Blocks 1 open bug)

Details

(4 keywords, Whiteboard: [domsecurity-active])

Crash Data

This bug was filed from the Socorro interface and is
report bp-da936653-f44b-4c27-afcb-2be740180919.
=============================================================

Top 10 frames of crashing thread:

0 mozglue.dll static void arena_dalloc memory/build/mozjemalloc.cpp:3527
1 xul.dll mozilla::dom::WorkerCSPEventListener::Release dom/workers/WorkerCSPEventListener.cpp:51
2 xul.dll mozilla::net::InterceptedHttpChannel::SetReleaseHandle netwerk/protocol/http/InterceptedHttpChannel.cpp:1036
3 xul.dll bool mozilla::dom::WorkerPrivate::EnsureCSPEventListener dom/workers/WorkerPrivate.cpp:3454
4 xul.dll ?WorkerRun@CompileScriptRunnable@?A0x30C6BC27@dom@mozilla@@EEAA_NPEAUJSContext@@PEAVWorkerPrivate@23@@Z$37675862552aedd537fb67d4bee880bd dom/workers/WorkerPrivate.cpp:361
5 xul.dll mozilla::dom::WorkerRunnable::Run dom/workers/WorkerRunnable.cpp:380
6 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:1161
7 xul.dll NS_ProcessNextEvent xpcom/threads/nsThreadUtils.cpp:519
8 xul.dll mozilla::dom::WorkerPrivate::DoRunLoop dom/workers/WorkerPrivate.cpp:3300
9 xul.dll ?Run@WorkerThreadPrimaryRunnable@?A0x8B636B8F@workerinternals@dom@mozilla@@EEAA?AW4nsresult@@XZ$d11c0b53d5c0641183c27c17523f40b2 dom/workers/RuntimeService.cpp:2759

=============================================================

There is 1 crash in nightly 64 with buildid 20180918075510. In analyzing the backtrace, the regression may have been introduced by patch [1] to fix bug 1490165.

[1] https://hg.mozilla.org/mozilla-central/rev?node=cc8df9e94e81
Flags: needinfo?(amarchesini)
Marking as s-s for now. I think baku is on it already.
Group: dom-core-security
These crashes are all hitting this release assert:
  MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?)
Assignee: nobody → amarchesini
Priority: -- → P1
Whiteboard: [domsecurity-active]
This is a dup of 1493629.
Status: NEW → RESOLVED
Closed: Last year
Flags: needinfo?(amarchesini)
Resolution: --- → DUPLICATE
Duplicate of bug: 1493629
Group: dom-core-security
You need to log in before you can comment on or make changes to this bug.