Open
Bug 1625187
Opened 4 years ago
Updated 3 years ago
RustMozCrash through nsPlaceholderFrame::GetParentComputedStyleForOutOfFlow()
Categories
(Core :: Layout, defect, P3)
NEW
People
(Reporter: tarafans7, Unassigned)
References
(Depends on 1 open bug)
Details
Attachments
(2 files)
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36
Steps to reproduce:
A bug found in Nightly by fuzzing. PoC and ASAN log are attached.
I used the official ASAN build on Mar 25 and reproduced with ffpuppet.
Reported by Wen Xu from sslab, gatech
Comment 2•4 years ago
This may be an intentional crash and not a security issue. Emilio, can you take a look?
Group: firefox-core-security → layout-core-security
Component: Untriaged → Layout
Flags: needinfo?(emilio)
Product: Firefox → Core
Comment 3•4 years ago
Yes. I don't think it's a security issue, it's a Rust panic due to ::first-line being broken.
Updated•4 years ago
Group: layout-core-security
Updated•4 years ago
Priority: -- → P3
Comment 4•4 years ago
Because this bug's Severity has not been changed from the default since it was filed, and its Priority is P3 (Backlog), indicating it has been triaged, the bug's Severity is being updated to S3 (normal).
Severity: normal → S3