Closed Bug 1603104 Opened 6 years ago Closed 5 years ago

AddressSanitizer: heap-buffer-overflow [@ IsAllowedAsChild] with READ of size 8

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Version:
64 Branch
Platform:
x86_64
Windows
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1499861

People

(Reporter: decoder, Unassigned)

Details

(4 keywords)

Attachments

(1 file)

Detailed Crash Information
6.64 KB, text/plain
Details

The attached crash information was submitted via the ASan Nightly Reporter on mozilla-central-asan-nightly revision 64.0a1-20181013100102-https://hg.mozilla.org/mozilla-central/rev/94a62c1aad526dc24dc9186a6ccebb0db276ee87.

For detailed crash information, see attachment.

This report comes from a super-old Firefox version, but I decided to file it anyway, in case it points to a bug that might still be present in our code. If this is not interesting/actionable, feel free to close the bug.

Group: core-security → dom-core-security
Component: DOM: HTML Parser → DOM: Core & HTML

mozilla::dom::HTMLOptionsCollection_Binding::DOMProxyHandler::setCustom() is on the stack, which reminded me of bug 1371259, which added some rooting in that function, but that was fixed in Firefox 55, so too old for this particular version to be affected.

Version: Trunk → 64 Branch

Peter, do you think it's worth keeping this open?

Flags: needinfo?(peterv)

Per comment 4 marking dup of bug 1499861.
Please reopen if needed.

Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE
Group: dom-core-security
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: