Closed Bug 1492392 Opened 7 years ago Closed 7 years ago

Crash in arena_dalloc | mozilla::dom::WorkerCSPEventListener::Release

Categories

(Core :: DOM: Security, defect, P1)

Product:
Core
Component:
DOM: Security
Version:
64 Branch
Platform:
Unspecified
Windows 8
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1493629
Tracking Flags:
Tracking Status
firefox-esr60 --- unaffected
firefox62 --- unaffected
firefox63 --- unaffected
firefox64 --- fixed

People

(Reporter: calixte, Assigned: baku)

References

(Blocks 1 open bug)

Details

(4 keywords, Whiteboard: [domsecurity-active])

Crash Data

This bug was filed from the Socorro interface and is report bp-da936653-f44b-4c27-afcb-2be740180919. ============================================================= Top 10 frames of crashing thread: 0 mozglue.dll static void arena_dalloc memory/build/mozjemalloc.cpp:3527 1 xul.dll mozilla::dom::WorkerCSPEventListener::Release dom/workers/WorkerCSPEventListener.cpp:51 2 xul.dll mozilla::net::InterceptedHttpChannel::SetReleaseHandle netwerk/protocol/http/InterceptedHttpChannel.cpp:1036 3 xul.dll bool mozilla::dom::WorkerPrivate::EnsureCSPEventListener dom/workers/WorkerPrivate.cpp:3454 4 xul.dll ?WorkerRun@CompileScriptRunnable@?A0x30C6BC27@dom@mozilla@@EEAA_NPEAUJSContext@@PEAVWorkerPrivate@23@@Z$37675862552aedd537fb67d4bee880bd dom/workers/WorkerPrivate.cpp:361 5 xul.dll mozilla::dom::WorkerRunnable::Run dom/workers/WorkerRunnable.cpp:380 6 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:1161 7 xul.dll NS_ProcessNextEvent xpcom/threads/nsThreadUtils.cpp:519 8 xul.dll mozilla::dom::WorkerPrivate::DoRunLoop dom/workers/WorkerPrivate.cpp:3300 9 xul.dll ?Run@WorkerThreadPrimaryRunnable@?A0x8B636B8F@workerinternals@dom@mozilla@@EEAA?AW4nsresult@@XZ$d11c0b53d5c0641183c27c17523f40b2 dom/workers/RuntimeService.cpp:2759 ============================================================= There is 1 crash in nightly 64 with buildid 20180918075510. In analyzing the backtrace, the regression may have been introduced by patch [1] to fix bug 1490165. [1] https://hg.mozilla.org/mozilla-central/rev?node=cc8df9e94e81
Flags: needinfo?(amarchesini)
Marking as s-s for now. I think baku is on it already.
Group: dom-core-security
These crashes are all hitting this release assert: MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?)
Keywords: csectype-uaf, sec-high
Assignee: nobody → amarchesini
Priority: -- → P1
Whiteboard: [domsecurity-active]
This is a dup of 1493629.
Status: NEW → RESOLVED
Closed: 7 years ago
Flags: needinfo?(amarchesini)
Resolution: --- → DUPLICATE
Group: dom-core-security
You need to log in before you can comment on or make changes to this bug.