Closed Bug 1689981 Opened 4 years ago Closed 2 years ago

macOS Crash in [@ webrender::render_backend::DataStores::apply_updates]

Categories

(Core :: Graphics: WebRender, defect)

Product:
Core
Component:
Graphics: WebRender
Platform:
Unspecified
macOS
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
106 Branch
Tracking Flags:
Tracking Status
firefox-esr102 --- wontfix

People

(Reporter: gsvelto, Unassigned)

References

Details

(4 keywords, Whiteboard: fixed by bug 1784018)

Crash Data

Crash report: https://crash-stats.mozilla.org/report/index/e2736bba-6032-4619-9303-42c510210129

Reason: EXC_BAD_ACCESS / EXC_I386_GPFLT

Top 8 frames of crashing thread:

0 XUL webrender::render_backend::DataStores::apply_updates gfx/wr/webrender/src/render_backend.rs:279
1 XUL webrender::render_backend::RenderBackend::process_transaction gfx/wr/webrender/src/render_backend.rs:967
2 XUL webrender::render_backend::RenderBackend::process_api_msg gfx/wr/webrender/src/render_backend.rs:1223
3 XUL std::sys_common::backtrace::__rust_begin_short_backtrace /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/std/src/sys_common/backtrace.rs:137
4 XUL core::ops::function::FnOnce::call_once{{vtable.shim}} /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/core/src/ops/function.rs:227
5 XUL std::sys::unix::thread::Thread::new::thread_start library/std/src/sys/unix/thread.rs:87
6 libsystem_pthread.dylib _pthread_start 
7 libsystem_pthread.dylib thread_start

Another crasher that appears like it's an instance of bug 1676343. There are non-macOS crashes under this signature but they're very noisy so I don't think they're relevant.

Group: core-security
Group: core-security → gfx-core-security
Keywords: sec-high
Summary: Crash in [@ webrender::render_backend::DataStores::apply_updates] → macOS Crash in [@ webrender::render_backend::DataStores::apply_updates]
Keywords: stalled
Severity: -- → S3

The severity field for this bug is set to S3. However, the bug is flagged with the sec-high keyword.
:gw, could you consider increasing the severity of this security bug?

For more information, please visit auto_nag documentation.

Flags: needinfo?(gwatson)
Flags: needinfo?(gwatson)

There are no more macOS crashes under this signature and more importantly there's been no more UAFs after I landed bug 1784018. The remaining crashes appear to be random-ish so maybe we can close this. Daniel WDYT? I'm going over all the crashes that were tied to bug 1676343 and indeed there doesn't seem to be anymore UAFs which reinforces my hunch that it was indeed a locking problem.

Flags: needinfo?(dveditz)

Agreed

Depends on: 1784018
Flags: needinfo?(dveditz)
Keywords: stalled
Whiteboard: fixed by bug 1784018
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → 106 Branch
Group: gfx-core-security → core-security-release
status-firefox-esr102: --- → wontfix
Keywords: sec-highcsectype-race, sec-moderate
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.