Closed Bug 1571707 Opened 5 years ago Closed 5 years ago

AddressSanitizer: SEGV /src/obj-firefox/dist/include/js/HeapAPI.h:459:10 in [@ GetCellLocation]

Categories: Core :: DOM: Workers, defect

Type: defect
Priority: Not set
Severity: critical

Tracking: RESOLVED INCOMPLETE

Tracking Status: firefox70 --- affected

People

(Reporter: jkratzer, Unassigned)

References

(Blocks 2 open bugs)

Details

(Keywords: crash, testcase-wanted)

Found while fuzzing mozilla-central rev 6e3e96412fd9. I don't currently have a reproducible testcase but will update if one becomes available.

==69439==ERROR: AddressSanitizer: SEGV on unknown address 0x3328df7fffe8 (pc 0x7f9c6ad885fc bp 0x7f9c4d872130 sp 0x7f9c4d872020 T47)
==69439==The signal is caused by a READ memory access.
    #0 0x7f9c6ad885fb in GetCellLocation /src/obj-firefox/dist/include/js/HeapAPI.h:459:10
    #1 0x7f9c6ad885fb in IsInsideNursery /src/obj-firefox/dist/include/js/HeapAPI.h:475
    #2 0x7f9c6ad885fb in EdgeNeedsSweepUnbarriered /src/obj-firefox/dist/include/js/HeapAPI.h:616
    #3 0x7f9c6ad885fb in GetWrapperPreserveColor /src/dom/base/nsWrapperCacheInlines.h:15
    #4 0x7f9c6ad885fb in HasKnownLiveWrapper /src/dom/base/nsWrapperCacheInlines.h:40
    #5 0x7f9c6ad885fb in nsWrapperCache::HasKnownLiveWrapperAndDoesNotNeedTracing(nsISupports*) /src/dom/base/nsWrapperCacheInlines.h:62
    #6 0x7f9c66d1e4f3 in CanSkipInCC /src/xpcom/base/nsCycleCollectionParticipant.h:191:25
    #7 0x7f9c66d1e4f3 in CCGraphBuilder::AddPurpleRoot(void*, nsCycleCollectionParticipant*) /src/xpcom/base/nsCycleCollector.cpp:2023
    #8 0x7f9c66d1a988 in AddPurpleRoot /src/xpcom/base/nsCycleCollector.cpp:2256:19
    #9 0x7f9c66d1a988 in Visit /src/xpcom/base/nsCycleCollector.cpp:1053
    #10 0x7f9c66d1a988 in void nsPurpleBuffer::VisitEntries<SelectPointersVisitor>(SelectPointersVisitor&) /src/xpcom/base/nsCycleCollector.cpp:956
    #11 0x7f9c66d2ee7d in SelectPointers /src/xpcom/base/nsCycleCollector.cpp:1065:3
    #12 0x7f9c66d2ee7d in nsCycleCollector::BeginCollection(ccType, nsICycleCollectorListener*) /src/xpcom/base/nsCycleCollector.cpp:3618
    #13 0x7f9c66d2e010 in nsCycleCollector::Collect(ccType, js::SliceBudget&, nsICycleCollectorListener*, bool) /src/xpcom/base/nsCycleCollector.cpp:3413:9
    #14 0x7f9c66d31b7c in nsCycleCollector_collect(nsICycleCollectorListener*) /src/xpcom/base/nsCycleCollector.cpp:3949:21
    #15 0x7f9c754c2567 in callGCCallback /src/js/src/gc/GC.cpp:1926:3
    #16 0x7f9c754c2567 in js::gc::GCRuntime::maybeCallGCCallback(JSGCStatus) /src/js/src/gc/GC.cpp:7530
    #17 0x7f9c754c3601 in ~AutoCallGCCallbacks /src/js/src/gc/GC.cpp:7509:32
    #18 0x7f9c754c3601 in js::gc::GCRuntime::gcCycle(bool, js::SliceBudget, mozilla::Maybe<JSGCInvocationKind> const&, JS::GCReason) /src/js/src/gc/GC.cpp:7620
    #19 0x7f9c754c6986 in js::gc::GCRuntime::collect(bool, js::SliceBudget, mozilla::Maybe<JSGCInvocationKind> const&, JS::GCReason) /src/js/src/gc/GC.cpp:7790:9
    #20 0x7f9c7545b75f in js::gc::GCRuntime::gc(JSGCInvocationKind, JS::GCReason) /src/js/src/gc/GC.cpp:7872:3
    #21 0x7f9c6fa147f1 in mozilla::dom::workerinternals::(anonymous namespace)::WorkerThreadPrimaryRunnable::Run() /src/dom/workers/RuntimeService.cpp:2342:5
    #22 0x7f9c66ee90e0 in nsThread::ProcessNextEvent(bool, bool*) /src/xpcom/threads/nsThread.cpp:1224:14
    #23 0x7f9c66eef4f8 in NS_ProcessNextEvent(nsIThread*, bool) /src/xpcom/threads/nsThreadUtils.cpp:486:10
    #24 0x7f9c680f8174 in mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) /src/ipc/glue/MessagePump.cpp:333:5
    #25 0x7f9c67ff3852 in RunInternal /src/ipc/chromium/src/base/message_loop.cc:315:10
    #26 0x7f9c67ff3852 in RunHandler /src/ipc/chromium/src/base/message_loop.cc:308
    #27 0x7f9c67ff3852 in MessageLoop::Run() /src/ipc/chromium/src/base/message_loop.cc:290
    #28 0x7f9c66ee2a2a in nsThread::ThreadFunc(void*) /src/xpcom/threads/nsThread.cpp:458:11
    #29 0x7f9c89be70bd in _pt_root /src/nsprpub/pr/src/pthreads/ptthread.c:198:5
    #30 0x7f9c8982a6da in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da)
    #31 0x7f9c8880888e in clone /build/glibc-OTsEL5/glibc-2.27/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /src/obj-firefox/dist/include/js/HeapAPI.h:459:10 in GetCellLocation
Thread T47 (DOM Worker) created by T0 (file:// Content) here:
    #0 0x5617fb84369d in __interceptor_pthread_create /builds/worker/workspace/moz-toolchain/src/llvm/projects/compiler-rt/lib/asan/asan_interceptors.cc:210:3
    #1 0x7f9c89bd91b8 in _PR_CreateThread /src/nsprpub/pr/src/pthreads/ptthread.c:430:14
    #2 0x7f9c89bc2d9e in PR_CreateThread /src/nsprpub/pr/src/pthreads/ptthread.c:503:12
    #3 0x7f9c66ee4f19 in nsThread::Init(nsTSubstring<char> const&) /src/xpcom/threads/nsThread.cpp:671:8
    #4 0x7f9c6fa73b38 in mozilla::dom::WorkerThread::Create(mozilla::dom::WorkerThreadFriendKey const&) /src/dom/workers/WorkerThread.cpp:92:7
    #5 0x7f9c6f9e52fd in mozilla::dom::workerinternals::RuntimeService::ScheduleWorker(mozilla::dom::WorkerPrivate*) /src/dom/workers/RuntimeService.cpp:1431:14
    #6 0x7f9c6f9e3974 in mozilla::dom::workerinternals::RuntimeService::RegisterWorker(mozilla::dom::WorkerPrivate*) /src/dom/workers/RuntimeService.cpp:1296:19
    #7 0x7f9c6fa4369f in mozilla::dom::WorkerPrivate::Constructor(JSContext*, nsTSubstring<char16_t> const&, bool, mozilla::dom::WorkerType, nsTSubstring<char16_t> const&, nsTSubstring<char> const&, mozilla::dom::WorkerLoadInfo*, mozilla::ErrorResult&) /src/dom/workers/WorkerPrivate.cpp:2305:24
    #8 0x7f9c6f9f4107 in mozilla::dom::Worker::Constructor(mozilla::dom::GlobalObject const&, nsTSubstring<char16_t> const&, mozilla::dom::WorkerOptions const&, mozilla::ErrorResult&) /src/dom/workers/Worker.cpp:30:41
    #9 0x7f9c6cd3b8bc in mozilla::dom::Worker_Binding::_constructor(JSContext*, unsigned int, JS::Value*) /src/obj-firefox/dom/bindings/WorkerBinding.cpp:1141:52
    #10 0x7f9c743e5037 in CallJSNative /src/js/src/vm/Interpreter.cpp:448:13
    #11 0x7f9c743e5037 in CallJSNativeConstructor /src/js/src/vm/Interpreter.cpp:464
    #12 0x7f9c743e5037 in InternalConstruct(JSContext*, js::AnyConstructArgs const&) /src/js/src/vm/Interpreter.cpp:657
    #13 0x7f9c756954a9 in js::jit::DoCallFallback(JSContext*, js::jit::BaselineFrame*, js::jit::ICCall_Fallback*, unsigned int, JS::Value*, JS::MutableHandle<JS::Value>) /src/js/src/jit/BaselineIC.cpp:3190:10
    #14 0x1704b2049797  (<unknown module>)
    #15 0x621001348e8f  (<unknown module>)
    #16 0x1704b204748e  (<unknown module>)

==69439==ABORTING
Group: core-security → dom-core-security

Maybe a UAF hiding in here? Can you make the ASAN history bigger in a future run and maybe catch it with more information? Otherwise, this particular stack isn't all that useful.

Flags: needinfo?(jkratzer)

Dan, I've tried rerunning the testcase using a larger quarantine_size_mb value; however, I was never able to reproduce that crash or a UAF stack. The only other stack I saw while testing is also fairly ambiguous.

==1977==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f58f4bea6d4 bp 0x7f57f14fddc0 sp 0x7f57f14fdd80 T45)
==1977==The signal is caused by a READ memory access.
==1977==Hint: address points to the zero page.
    #0 0x7f58f4bea6d3 in operator! /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/RefPtr.h:303:36
    #1 0x7f58f4bea6d3 in NS_CycleCollectorSuspect3 /builds/worker/workspace/build/src/xpcom/base/nsCycleCollector.cpp:3763
    #2 0x7f58fbdf7236 in incr<&NS_CycleCollectorSuspect3> /builds/worker/workspace/build/src/obj-firefox/dist/include/nsISupportsImpl.h:207:7
    #3 0x7f58fbdf7236 in incr<&NS_CycleCollectorSuspect3> /builds/worker/workspace/build/src/obj-firefox/dist/include/nsISupportsImpl.h:193
    #4 0x7f58fbdf7236 in mozilla::DOMEventTargetHelper::AddRef() /builds/worker/workspace/build/src/dom/events/DOMEventTargetHelper.cpp:83
    #5 0x7f58f4dba546 in nsTimerImpl::Callback::operator=(nsTimerImpl::Callback const&) /builds/worker/workspace/build/src/xpcom/threads/nsTimerImpl.h
    #6 0x7f58f4d922c2 in nsTimerImpl::Fire(int) /builds/worker/workspace/build/src/xpcom/threads/nsTimerImpl.cpp:525:24
    #7 0x7f58f4d91ed9 in nsTimerEvent::Run() /builds/worker/workspace/build/src/xpcom/threads/TimerThread.cpp:260:11
    #8 0x7f58f4da52b0 in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/workspace/build/src/xpcom/threads/nsThread.cpp:1225:14
    #9 0x7f58f4dab6c8 in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/workspace/build/src/xpcom/threads/nsThreadUtils.cpp:486:10
    #10 0x7f58f5fb4394 in mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) /builds/worker/workspace/build/src/ipc/glue/MessagePump.cpp:333:5
    #11 0x7f58f5eafa62 in RunInternal /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:315:10
    #12 0x7f58f5eafa62 in RunHandler /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:308
    #13 0x7f58f5eafa62 in MessageLoop::Run() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:290
    #14 0x7f58f4d9ebfa in nsThread::ThreadFunc(void*) /builds/worker/workspace/build/src/xpcom/threads/nsThread.cpp:458:11
    #15 0x7f5917a8b0bd in _pt_root /builds/worker/workspace/build/src/nsprpub/pr/src/pthreads/ptthread.c:198:5
    #16 0x7f59176cf6da in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da)
    #17 0x7f59166ad88e in clone /build/glibc-OTsEL5/glibc-2.27/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/RefPtr.h:303:36 in operator!
Thread T45 (DOM Worker) created by T0 (file:// Content) here:
    #0 0x563e9814143d in __interceptor_pthread_create /builds/worker/workspace/build/llvm-project/llvm/projects/compiler-rt/lib/asan/asan_interceptors.cc:210:3
    #1 0x7f5917a7d1b8 in _PR_CreateThread /builds/worker/workspace/build/src/nsprpub/pr/src/pthreads/ptthread.c:430:14
    #2 0x7f5917a66d9e in PR_CreateThread /builds/worker/workspace/build/src/nsprpub/pr/src/pthreads/ptthread.c:503:12
    #3 0x7f58f4da10e9 in nsThread::Init(nsTSubstring<char> const&) /builds/worker/workspace/build/src/xpcom/threads/nsThread.cpp:672:8
    #4 0x7f58fd8d4a48 in mozilla::dom::WorkerThread::Create(mozilla::dom::WorkerThreadFriendKey const&) /builds/worker/workspace/build/src/dom/workers/WorkerThread.cpp:92:7
    #5 0x7f58fd84620d in mozilla::dom::workerinternals::RuntimeService::ScheduleWorker(mozilla::dom::WorkerPrivate*) /builds/worker/workspace/build/src/dom/workers/RuntimeService.cpp:1431:14
    #6 0x7f58fd844884 in mozilla::dom::workerinternals::RuntimeService::RegisterWorker(mozilla::dom::WorkerPrivate*) /builds/worker/workspace/build/src/dom/workers/RuntimeService.cpp:1296:19
    #7 0x7f58fd8a45af in mozilla::dom::WorkerPrivate::Constructor(JSContext*, nsTSubstring<char16_t> const&, bool, mozilla::dom::WorkerType, nsTSubstring<char16_t> const&, nsTSubstring<char> const&, mozilla::dom::WorkerLoadInfo*, mozilla::ErrorResult&) /builds/worker/workspace/build/src/dom/workers/WorkerPrivate.cpp:2305:24
    #8 0x7f58fd855017 in mozilla::dom::Worker::Constructor(mozilla::dom::GlobalObject const&, nsTSubstring<char16_t> const&, mozilla::dom::WorkerOptions const&, mozilla::ErrorResult&) /builds/worker/workspace/build/src/dom/workers/Worker.cpp:30:41
    #9 0x7f58fac37aac in mozilla::dom::Worker_Binding::_constructor(JSContext*, unsigned int, JS::Value*) /builds/worker/workspace/build/src/obj-firefox/dom/bindings/WorkerBinding.cpp:1141:52
    #10 0x7f5902259a87 in CallJSNative /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:448:13
    #11 0x7f5902259a87 in CallJSNativeConstructor /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:464
    #12 0x7f5902259a87 in InternalConstruct(JSContext*, js::AnyConstructArgs const&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:657
    #13 0x7f590223e51c in Interpret(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:3075:16
    #14 0x7f59022202bf in js::RunScript(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:425:10
    #15 0x7f590225689f in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:568:13
    #16 0x7f5902258ac2 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:611:8
    #17 0x7f5902d63398 in JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) /builds/worker/workspace/build/src/js/src/jsapi.cpp:2660:10
    #18 0x7f58faf4c560 in mozilla::dom::EventListener::HandleEvent(JSContext*, JS::Handle<JS::Value>, mozilla::dom::Event&, mozilla::ErrorResult&) /builds/worker/workspace/build/src/obj-firefox/dom/bindings/EventListenerBinding.cpp:52:8
    #19 0x7f58fbe72f75 in HandleEvent<mozilla::dom::EventTarget *> /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/dom/EventListenerBinding.h:66:12
    #20 0x7f58fbe72f75 in mozilla::EventListenerManager::HandleEventSubType(mozilla::EventListenerManager::Listener*, mozilla::dom::Event*, mozilla::dom::EventTarget*) /builds/worker/workspace/build/src/dom/events/EventListenerManager.cpp:1025
    #21 0x7f58fbe749f0 in mozilla::EventListenerManager::HandleEventInternal(nsPresContext*, mozilla::WidgetEvent*, mozilla::dom::Event**, mozilla::dom::EventTarget*, nsEventStatus*, bool) /builds/worker/workspace/build/src/dom/events/EventListenerManager.cpp:1223:17
    #22 0x7f58fbe5b63a in HandleEvent /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/EventListenerManager.h:353:5
    #23 0x7f58fbe5b63a in mozilla::EventTargetChainItem::HandleEvent(mozilla::EventChainPostVisitor&, mozilla::ELMCreationDetector&) /builds/worker/workspace/build/src/dom/events/EventDispatcher.cpp:349
    #24 0x7f58fbe59e52 in mozilla::EventTargetChainItem::HandleEventTargetChain(nsTArray<mozilla::EventTargetChainItem>&, mozilla::EventChainPostVisitor&, mozilla::EventDispatchingCallback*, mozilla::ELMCreationDetector&) /builds/worker/workspace/build/src/dom/events/EventDispatcher.cpp:551:16
    #25 0x7f58fbe5f81b in mozilla::EventDispatcher::Dispatch(nsISupports*, nsPresContext*, mozilla::WidgetEvent*, mozilla::dom::Event*, nsEventStatus*, mozilla::EventDispatchingCallback*, nsTArray<mozilla::dom::EventTarget*>*) /builds/worker/workspace/build/src/dom/events/EventDispatcher.cpp:1047:11
    #26 0x7f58fbe66890 in mozilla::EventDispatcher::DispatchDOMEvent(nsISupports*, mozilla::WidgetEvent*, mozilla::dom::Event*, nsPresContext*, nsEventStatus*) /builds/worker/workspace/build/src/dom/events/EventDispatcher.cpp
    #27 0x7f58f913489a in nsINode::DispatchEvent(mozilla::dom::Event&, mozilla::dom::CallerType, mozilla::ErrorResult&) /builds/worker/workspace/build/src/dom/base/nsINode.cpp:1061:17
    #28 0x7f58f8add2c9 in nsContentUtils::DispatchEvent(mozilla::dom::Document*, nsISupports*, nsTSubstring<char16_t> const&, mozilla::CanBubble, mozilla::Cancelable, mozilla::Composed, mozilla::Trusted, bool*, mozilla::ChromeOnlyDispatch) /builds/worker/workspace/build/src/dom/base/nsContentUtils.cpp:3974:28
    #29 0x7f58f8add093 in nsContentUtils::DispatchTrustedEvent(mozilla::dom::Document*, nsISupports*, nsTSubstring<char16_t> const&, mozilla::CanBubble, mozilla::Cancelable, mozilla::Composed, bool*) /builds/worker/workspace/build/src/dom/base/nsContentUtils.cpp:3944:10
    #30 0x7f58f8e24212 in mozilla::dom::Document::DispatchContentLoadedEvents() /builds/worker/workspace/build/src/dom/base/Document.cpp:7041:3
    #31 0x7f58f8f07484 in applyImpl<mozilla::dom::Document, void (mozilla::dom::Document::*)()> /builds/worker/workspace/build/src/obj-firefox/dist/include/nsThreadUtils.h:1124:12
    #32 0x7f58f8f07484 in apply<mozilla::dom::Document, void (mozilla::dom::Document::*)()> /builds/worker/workspace/build/src/obj-firefox/dist/include/nsThreadUtils.h:1130
    #33 0x7f58f8f07484 in mozilla::detail::RunnableMethodImpl<mozilla::dom::Document*, void (mozilla::dom::Document::*)(), true, (mozilla::RunnableKind)0>::Run() /builds/worker/workspace/build/src/obj-firefox/dist/include/nsThreadUtils.h:1176
    #34 0x7f58f4d73361 in mozilla::SchedulerGroup::Runnable::Run() /builds/worker/workspace/build/src/xpcom/threads/SchedulerGroup.cpp:295:32
    #35 0x7f58f4da52b0 in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/workspace/build/src/xpcom/threads/nsThread.cpp:1225:14
    #36 0x7f58f4dab6c8 in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/workspace/build/src/xpcom/threads/nsThreadUtils.cpp:486:10
    #37 0x7f58f5fb29cf in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/workspace/build/src/ipc/glue/MessagePump.cpp:88:21
    #38 0x7f58f5eafa62 in RunInternal /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:315:10
    #39 0x7f58f5eafa62 in RunHandler /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:308
    #40 0x7f58f5eafa62 in MessageLoop::Run() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:290
    #41 0x7f58fe0aab29 in nsBaseAppShell::Run() /builds/worker/workspace/build/src/widget/nsBaseAppShell.cpp:137:27
    #42 0x7f5901f9dcaf in XRE_RunAppShell() /builds/worker/workspace/build/src/toolkit/xre/nsEmbedFunctions.cpp:919:20
    #43 0x7f58f5eafa62 in RunInternal /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:315:10
    #44 0x7f58f5eafa62 in RunHandler /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:308
    #45 0x7f58f5eafa62 in MessageLoop::Run() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:290
    #46 0x7f5901f9d556 in XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/workspace/build/src/toolkit/xre/nsEmbedFunctions.cpp:754:34
    #47 0x563e9818bf13 in content_process_main /builds/worker/workspace/build/src/browser/app/../../ipc/contentproc/plugin-container.cpp:56:28
    #48 0x563e9818bf13 in main /builds/worker/workspace/build/src/browser/app/nsBrowserApp.cpp:267
    #49 0x7f59165adb96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
Flags: needinfo?(jkratzer)

Closing this as incomplete for now unless it comes up again and we get better information.

Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → INCOMPLETE
Group: dom-core-security