Closed Bug 1521474 Opened 7 years ago Closed 7 years ago

Crash in nsHostResolver::ResolveHost

Categories

(Core :: Networking: DNS, defect)

Unspecified
Android
defect
Not set
critical

RESOLVED DUPLICATE of bug 1513519

People

(Reporter: gsvelto, Unassigned)

Details

(Keywords: crash)

Crash Data

This bug is for crash report bp-d702cb1b-4521-4b0f-8e31-6c6b30190121.

Top 10 frames of crashing thread:

0 libxul.so nsHostResolver::ResolveHost mfbt/RefPtr.h:44
1 libxul.so nsDNSService::AsyncResolveInternal netwerk/dns/nsDNSService2.cpp:849
2 libxul.so nsHTMLDNSPrefetch::nsDeferrals::SubmitQueue dom/html/nsHTMLDNSPrefetch.cpp:376
3 libxul.so nsHTMLDNSPrefetch::nsDeferrals::OnStateChange dom/html/nsHTMLDNSPrefetch.cpp:472
4 libxul.so nsDocLoader::DoFireOnStateChange uriloader/base/nsDocLoader.cpp:1235
5 libxul.so nsDocLoader::doStopDocumentLoad uriloader/base/nsDocLoader.cpp:794
6 libxul.so nsDocLoader::DocLoaderIsEmpty uriloader/base/nsDocLoader.cpp:693
7 libxul.so nsDocLoader::OnStopRequest uriloader/base/nsDocLoader.cpp:588
8 libxul.so non-virtual thunk to nsDocLoader::OnStopRequest uriloader/base/nsDocLoader.cpp
9 libxul.so mozilla::net::nsLoadGroup::RemoveRequest netwerk/base/nsLoadGroup.cpp:575

A lot of crash addresses start with the e5e5e5 pattern so this is most likely a UAF. Curiously it seems to be Android-only.

Flags: needinfo?(dd.mozilla)
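
The triage heuristic in the comment above (crash addresses beginning with e5e5e5 suggest a use-after-free) can be applied across a batch of reports. The following is an added example, not code from the bug or from Mozilla: the function names, the window sizes and the sample addresses are constructed, and it assumes that mozjemalloc fills freed memory with 0xe5 and fresh allocations with 0xe4.

```python
from collections import Counter

# Assumption of this example: mozjemalloc, Firefox's allocator, overwrites
# freed memory with 0xe5 and fills fresh allocations with 0xe4.
FILLS = ((0xE5, "freed-poison"), (0xE4, "uninit-junk"))
NULL_WINDOW = 0x10000   # faults this close to address 0 count as null derefs
FIELD_WINDOW = 0x10000  # largest member offset assumed on a poisoned pointer


def classify(addr_text):
    """Classify one crash address string such as '0xe5e5e5f5'."""
    text = addr_text.strip().lower()
    digits = text[2:] if text.startswith("0x") else text
    addr = int(digits, 16)
    # Infer pointer width from the printed length (8 hex digits = 32-bit).
    width = 4 if len(digits) <= 8 else 8
    if addr < NULL_WINDOW:
        return "null-deref"
    for fill, label in FILLS:
        # A pointer read out of filled memory is the fill byte repeated;
        # dereferencing a member through it faults at that value +/- offset.
        base = int.from_bytes(bytes([fill]) * width, "big")
        if abs(addr - base) < FIELD_WINDOW:
            return label
    return "other"


def triage(addresses):
    """Return (per-class counts, share of reports hitting freed memory)."""
    counts = Counter(classify(a) for a in addresses)
    share = counts["freed-poison"] / len(addresses) if addresses else 0.0
    return counts, share


# Constructed sample addresses, not taken from the crash reports on this bug.
SAMPLE = [
    "0xe5e5e5e9", "0xe5e5e5f5", "0xe5e5e5e5", "0xe5e5e5e5e5e5e5ed",
    "0x0", "0x8", "0xe4e4e4ec", "0x9a3c1f40",
]

if __name__ == "__main__":
    counts, share = triage(SAMPLE)
    for label, n in counts.most_common():
        print(f"{label:13} {n}")
    print(f"freed-memory share: {share:.0%}")
```

A high freed-poison share across one crash signature points at a dangling pointer rather than a null or wild pointer, which is the distinction the comment draws.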

This is a dup of 1513519.

Status: NEW → RESOLVED
Closed: 7 years ago
Flags: needinfo?(dd.mozilla)
Resolution: --- → DUPLICATE

Can you reproduce it?

Flags: needinfo?(gsvelto)

Unfortunately not, I found this during triage. Looking at the reports' URLs, the one that comes up most often is http://m.spiegel.de/. There are no useful comments though.

Flags: needinfo?(gsvelto)
Group: network-core-security
Component: DOM: Core & HTML → Networking: DNS
Group: network-core-security