Closed
Bug 1525351
Opened 5 years ago
Closed 5 years ago
Crash in gfxOTSContext::Message
Categories
(Core :: Graphics: Text, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 1524246
People
(Reporter: marcia, Unassigned)
Details
(Keywords: crash, regression, Whiteboard: [adv-main66-])
Crash Data
This bug is for crash report bp-33c80048-131b-4435-ab55-773a00190122.
Seen while looking at nightly crash stats: https://bit.ly/2DVaBHI. Marking as a possible UAF based on crash addresses. Goes back to at least when nightly was in 66, Build ID 20190122094123
Top 10 frames of crashing thread:
0 libxul.so gfxOTSContext::Message gfx/thebes/gfxUserFontSet.cpp:220
1 libxul.so ots::ParseScriptListTable gfx/ots/src/layout.cc:1221
2 libxul.so ots::OpenTypeGSUB::Parse gfx/ots/src/gsub.cc:642
3 libxul.so ots::Font::ParseTable gfx/ots/src/ots.cc:946
4 libxul.so gfx/ots/src/ots.cc:697
5 libxul.so ots::OTSContext::Process gfx/ots/src/ots.cc:502
6 libxul.so gfxUserFontEntry::LoadPlatformFont gfx/thebes/gfxUserFontSet.cpp:252
7 libxul.so gfxUserFontEntry::FontDataDownloadComplete gfx/thebes/gfxUserFontSet.cpp:805
8 libxul.so nsFontFaceLoader::OnStreamComplete layout/style/nsFontFaceLoader.cpp:256
9 libxul.so mozilla::net::nsStreamLoader::OnStopRequest netwerk/base/nsStreamLoader.cpp:94
Comment 1•5 years ago
|
||
Plausibly the same as bug 1524246?
Comment 2•5 years ago
|
||
Sounds pretty likely.
Comment 3•5 years ago
|
||
Hasn't been seen on nightly since that patch landed -- not 100% confidence since it's low volume, but I'm going to go ahead and dupe this.
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE
Updated•5 years ago
|
Updated•5 years ago
|
Whiteboard: [adv-main66-]
Updated•4 years ago
|
Group: gfx-core-security
Comment 4•1 year ago
|
||
Removing regressionwindow-wanted
keyword because this bug has been resolved.
Keywords: regressionwindow-wanted
Comment 5•1 year ago
|
||
Removing regressionwindow-wanted
keyword because this bug has been resolved.
Comment 6•1 year ago
|
||
Removing regressionwindow-wanted
keyword because this bug has been resolved.
You need to log in
before you can comment on or make changes to this bug.
Description
•