Closed
Bug 1595467
Opened 5 years ago
Closed 5 years ago
AddressSanitizer: heap-use-after-free [@ WaylandDMABufSurface::Resize] with READ of size 4
Categories
(Core :: Widget: Gtk, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 1588579
| Tracking | Status | |
|---|---|---|
| firefox72 | --- | fixed |
People
(Reporter: decoder, Unassigned)
Details
(4 keywords, Whiteboard: [adv-main72-])
Attachments
(1 file)
|
26.59 KB,
text/plain
|
Details |
The attached crash information was submitted via the ASan Nightly Reporter on mozilla-central-asan-nightly revision 72.0a1-20191108213609-https://hg.mozilla.org/mozilla-central/rev/f414b9e6d85710f92649566c1c6511265dadd476.
For detailed crash information, see attachment.
|
Reporter | |
Comment 1•5 years ago
|
||
|
|
Reporter | |
Updated•5 years ago
|
Flags: sec-bounty?
|
||
Updated•5 years ago
|
Group: core-security → layout-core-security
|
||
Comment 3•5 years ago
|
||
Martin, would you mind taking a look? Thanks.
Flags: needinfo?(stransky)
Keywords: csectype-uaf,
sec-high
|
||
Comment 4•5 years ago
|
||
This looks like a dupe of Bug 1588579. Also mozilla::widget::WindowSurfaceWayland::GetWaylandBufferToDraw() is not present in recent codebase, see
https://dxr.mozilla.org/mozilla-central/source/widget/gtk/WindowSurfaceWayland.cpp#722
Flags: needinfo?(stransky)
|
||
Updated•5 years ago
|
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE
|
||
Updated•5 years ago
|
Flags: sec-bounty? → sec-bounty-
|
||
Updated•4 years ago
|
Whiteboard: [adv-main72-]
|
|
||
Updated•2 years ago
|
Group: layout-core-security → dom-core-security
|
|
||
Updated•11 months ago
|
Group: dom-core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•