Closed Bug 1588579 Opened 2 years ago Closed 2 years ago

AddressSanitizer: heap-use-after-free [@ WaylandDMABufSurface::Resize] with READ of size 4

Categories

(Core :: Widget: Gtk, defect)

x86_64
Linux
defect
Not set
critical

Tracking

()

RESOLVED FIXED
mozilla71
Tracking Status
firefox-esr60 --- unaffected
firefox-esr68 --- unaffected
firefox67 --- unaffected
firefox68 --- unaffected
firefox69 --- unaffected
firefox70 --- unaffected
firefox71 --- fixed

People

(Reporter: decoder, Assigned: stransky)

References

(Blocks 1 open bug)

Details

(4 keywords)

Attachments

(2 files)

The attached crash information was submitted via the ASan Nightly Reporter on mozilla-central-asan-nightly revision 71.0a1-20191013213650-https://hg.mozilla.org/mozilla-central/rev/3bdfb7bc00a06a84c676d4d72ce47ea16b4b0042.

For detailed crash information, see attachment.

This is a regression from Bug 1578380 where WaylandDMABufSurface were created as ref-counted so only FF71 is affected.

Assignee: nobody → stransky
Group: core-security → gfx-core-security
Group: gfx-core-security → core-security-release
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla71
Duplicate of this bug: 1595467

:decoder is there a bounty to be paid on this?

Flags: needinfo?(choller)
Flags: needinfo?(choller)
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.