Closed Bug 1611157 Opened 6 years ago Closed 6 years ago

Zero-length redirection chain causes crash

Categories

(Core :: Privacy: Anti-Tracking, defect)

Product:
Core
Component:
Privacy: Anti-Tracking
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1610485

People

(Reporter: Waldo, Unassigned)

Details

Was just browsing around normally and hit this:

https://crash-stats.mozilla.org/report/index/3d42933b-24f1-4c27-af13-81aea0200123

My browsing is so whack I normally assume OOM or something large-tab-set-specific/esoteric, but I hadn't browsed very long -- and InvalidArrayIndex_CRASH as the top frame is a super-easy way to tweak interest.

I don't have repro steps (save maybe be on wifi that is somewhat flaky?), but an out-of-bounds access, even if it's element zero of an empty array (which may have predictable, "safe" characteristics, tho I'm too lazy to check), certainly raises hackles and is worth a bug.

Whoops, for some reason I didn't get a useful bug-suggestion when I searched for a dup earlier.

Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
Group: core-security
You need to log in before you can comment on or make changes to this bug.