Closed
Bug 1688587
Opened 3 years ago
Closed 1 year ago
Crash in [@ free | core::ptr::drop_in_place | webrender::render_backend::RenderBackend::process_transaction]
Categories
(Core :: Graphics: WebRender, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: gsvelto, Unassigned)
References
Details
(Keywords: crash, csectype-uaf)
Crash Data
Crash report: https://crash-stats.mozilla.org/report/index/77040078-cbfb-4011-b292-53a000210125
Reason: EXC_BAD_ACCESS / KERN_INVALID_ADDRESS
Top 4 frames of crashing thread:
0 libmozglue.dylib free memory/build/malloc_decls.h:54
1 XUL core::ptr::drop_in_place /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/core/src/ptr/mod.rs:184
2 XUL webrender::render_backend::RenderBackend::process_transaction gfx/wr/webrender/src/render_backend.rs:949
3 libGL.dylib glGetShaderSource
Another likely instance of bug 1676343. Ticks all the boxes as usual:
- Use-after-free that happens only on macOS
- Versions 10.15 and older are affected
- Happens in a piece of code where the locking should be sound given it never fails on other platforms
|
||
Updated•3 years ago
|
Severity: -- → S3
|
||
Comment 1•1 year ago
|
||
Closing because no crashes reported for 12 weeks.
Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•