Crash in [@ nsTArray_Impl<T>::~nsTArray_Impl | mozilla::net::CookieSettings::~CookieSettings]
Categories
(Core :: Networking: Cookies, defect)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox-esr60 | --- | unaffected |
| firefox-esr68 | --- | unaffected |
| firefox68 | --- | unaffected |
| firefox69 | --- | wontfix |
| firefox70 | --- | wontfix |
| firefox71 | --- | wontfix |
People
(Reporter: philipp, Unassigned)
References
Details
(4 keywords)
Crash Data
This bug is for crash report bp-bd770288-e7f0-4ff3-94bb-ce99a0190824.
Top 10 frames of crashing thread:
0 xul.dll void nsTArray_Impl<RefPtr<nsIPermission>, nsTArrayInfallibleAllocator>::~nsTArray_Impl xpcom/ds/nsTArray.h:881
1 xul.dll mozilla::net::CookieSettings::~CookieSettings netwerk/cookie/CookieSettings.cpp:99
2 xul.dll mozilla::net::CookieSettings::Release netwerk/cookie/CookieSettings.cpp:282
3 xul.dll mozilla::net::LoadInfo::~LoadInfo netwerk/base/LoadInfo.h:167
4 xul.dll mozilla::net::LoadInfo::Release netwerk/base/LoadInfo.cpp:586
5 xul.dll mozilla::net::HttpBaseChannel::~HttpBaseChannel netwerk/protocol/http/HttpBaseChannel.cpp:258
6 xul.dll void mozilla::net::nsHttpChannel::~nsHttpChannel netwerk/protocol/http/nsHttpChannel.cpp:357
7 xul.dll unsigned long mozilla::net::DataChannelChild::Release xpcom/ds/nsHashPropertyBag.cpp:236
8 xul.dll mozilla::dom::DeferredFinalizerImpl<nsISupports>::DeferredFinalize dom/bindings/BindingUtils.h:2697
9 xul.dll mozilla::IncrementalFinalizeRunnable::ReleaseNow xpcom/base/CycleCollectedJSRuntime.cpp:1267
this low-volume crash signature is starting to show up during the 69.0b cycle and looking security sensitive in some instances.
Comment 1•6 years ago
|
||
Probably related to bug 1544127.
Updated•6 years ago
|
Comment 3•6 years ago
•
|
||
Doesn't this belong to the LoadInfo UAF family?
I looked at the code in CookieSettings and its use of mCookiePermissions, and I can't see any obvious misuse.
I think Honza's thought that it probably relates to bug 1544127 is correct.
Comment 5•6 years ago
|
||
Do you think this should be duped to bug 1544127?
Comment 6•6 years ago
|
||
(In reply to Liz Henry (:lizzard) from comment #5)
Do you think this should be duped to bug 1544127?
Probably yes, they are closely related and the cause is probably the same.
(In reply to Liz Henry (:lizzard) from comment #5)
Do you think this should be duped to bug 1544127?
I would say so - the only other way would be if CookieSettings::CookiePermission is called off-main-thread.
Maybe we should turn the assert into a MOZ_RELEASE_ASSERT ?
Comment 8•6 years ago
|
||
(In reply to Valentin Gosu [:valentin] (he/him) from comment #7)
(In reply to Liz Henry (:lizzard) from comment #5)
Do you think this should be duped to bug 1544127?
I would say so - the only other way would be if
CookieSettings::CookiePermissionis called off-main-thread.
Maybe we should turn the assert into aMOZ_RELEASE_ASSERT?
I agree with that, I'll file a bug, but I think DIAGNOSTIC will do.
Updated•6 years ago
|
Updated•6 years ago
|
Updated•2 years ago
|
Description
•