Closed Bug 1634638 Opened 5 years ago Closed 5 years ago

AddressSanitizer: heap-use-after-free [@ nsRefreshDriver::Tick] with READ of size 8

Categories

(Core :: Graphics: WebGPU, defect)

Product:
Core
Component:
Graphics: WebGPU
Platform:
x86_64
Windows
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1632755
Milestone:
mozilla77
Tracking Flags:
Tracking Status
firefox-esr68 --- unaffected
firefox75 --- unaffected
firefox76 --- unaffected
firefox77 --- fixed

People

(Reporter: decoder, Assigned: kvark)

Details

(Keywords: crash, regression, reporter-external)

Attachments

(1 file)

Detailed Crash Information
12.14 KB, text/plain
Details

The attached crash information was submitted via the ASan Nightly Reporter on mozilla-central-asan-nightly revision 77.0a1-20200427214618-https://hg.mozilla.org/mozilla-central/rev/2b0e2483e2eaaef7ac49866a98e8e857520bdd5c.

For detailed crash information, see attachment.

Flags: sec-bounty?

Fairly sure this was fixed by https://phabricator.services.mozilla.com/rMOZILLACENTRAL7d6135dac2f270fa13ec7cea498b3c245de62ecc (which went in a day after the affected nightly was made).

Christian, is this still considered a security issue if it's on Nightly behind a pref the user has to turn on, enabling an experimental technology?

Status: NEW → RESOLVED
Closed: 5 years ago
Flags: needinfo?(choller)
Resolution: --- → FIXED
Assignee: nobody → dmalyshau
Group: core-security → core-security-release
status-firefox75: --- → unaffected
status-firefox76: --- → unaffected
status-firefox77: affectedfixed
status-firefox-esr68: --- → unaffected
Target Milestone: --- → mozilla77
Flags: needinfo?(choller)

I was wondering if this was eligible for a bug bounty, since it was flagged sec-bounty? This is my first time reporting a security issue, so I am unsure what I am supposed to do.

If it helps, the bug happened when I was running these WebGPU examples: https://austineng.github.io/webgpu-samples/, after reading this Mozilla Hacks article: https://hacks.mozilla.org/2020/04/experimental-webgpu-in-firefox/. I am happy to provide any other information you need.

Flags: needinfo?(choller)

(In reply to tdulcet from comment #6)

I was wondering if this was eligible for a bug bounty, since it was flagged sec-bounty? This is my first time reporting a security issue, so I am unsure what I am supposed to do.

You don't need to do anything. The bounty committee meets periodically and will decide whether or not this should receive a bounty.

This was certainly potentially eligible for a bounty, but it appears to have been a duplicate of a bug that was filed earlier and whose patch landed on the day this was filed. So unfortunately not this time, but please do keep submitting these!

Flags: sec-bounty?
Flags: sec-bounty-
Flags: needinfo?(choller)
Resolution: FIXED → DUPLICATE
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: