Closed
Bug 1516179
Opened 7 years ago
Closed 7 years ago
UAF (read) in mozilla::BackgroundHangAnnotators::GatherAnnotations()
Categories
(Core :: Performance: General, defect)
Core
Performance: General
Tracking
()
RESOLVED
FIXED
mozilla66
People
(Reporter: jseward, Assigned: nika)
Details
(Keywords: csectype-uaf, sec-moderate, Whiteboard: [post-critsmash-triage][adv-main66+])
Attachments
(2 files)
I've noticed this several times in the past couple of weeks, when running Fx on Valgrind. I think it happens when a content process quits, but am not sure.
|
Reporter | |
Updated•7 years ago
|
Flags: needinfo?(nika)
|
|
Reporter | |
Comment 1•7 years ago
|
||
|
Assignee | |
Updated•7 years ago
|
Flags: needinfo?(nika)
|
|
Assignee | |
Comment 2•7 years ago
|
||
|
||
Comment 3•7 years ago
|
||
This sounds like some kind of shutdown race so it doesn't sound too severe.
Assignee: nobody → nika
Keywords: csectype-uaf,
sec-moderate
|
||
Comment 4•7 years ago
|
||
https://hg.mozilla.org/integration/autoland/rev/7f9e45f01772c640564c9e488a7ceed477c1f6d3
https://hg.mozilla.org/mozilla-central/rev/7f9e45f01772
Group: core-security → core-security-release
Status: NEW → RESOLVED
Closed: 7 years ago
status-firefox66:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla66
|
||
Comment 5•7 years ago
|
||
Is this something we should consider backporting or can it ride the trains?
status-firefox64:
--- → wontfix
status-firefox65:
--- → affected
status-firefox-esr60:
--- → affected
Flags: needinfo?(nika)
|
|
Assignee | |
Comment 6•7 years ago
|
||
Should be pretty harmless to backport, but it doesn't seem super bad, so can probably ride the trains.
Flags: needinfo?(nika)
|
|
||
Updated•7 years ago
|
|
||
Updated•7 years ago
|
Flags: qe-verify-
Whiteboard: [post-critsmash-triage]
|
||
Updated•6 years ago
|
Whiteboard: [post-critsmash-triage] → [post-critsmash-triage][adv-main66+]
|
||
Updated•5 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•