Closed Bug 1698948 Opened 4 years ago Closed 4 years ago

Invalid Win32k use in content process [xul!mozilla::widget::GfxInfo::RefreshMonitors]

Categories: Core :: Security: Process Sandboxing, defect, P2 (All, Windows)

Status: RESOLVED FIXED

People: Reporter: cmartin, Assigned: cmartin

00 0000006b`807fb3e8 00007fff`9c54726a win32u!NtUserEnumDisplayDevices
01 0000006b`807fb3f0 00007fff`29f87a4d USER32!EnumDisplayDevicesW+0x6a
02 0000006b`807fb7c0 00007fff`29f867d8 xul!mozilla::widget::GfxInfo::RefreshMonitors+0xcd [c:\moz\mozilla-central\widget\windows\GfxInfo.cpp @ 913] 
03 0000006b`807fbc80 00007fff`27895671 xul!mozilla::widget::GfxInfo::Init+0x18d8 [c:\moz\mozilla-central\widget\windows\GfxInfo.cpp @ 873] 
04 0000006b`807fc6f0 00007fff`278aa258 xul!mozilla::xpcom::CreateInstanceImpl+0xc31 [c:\moz\mozilla-central\obj-x86_64-pc-mingw32\xpcom\components\StaticComponents.cpp @ 9460] 
05 (Inline Function) --------`-------- xul!`anonymous namespace'::EntryWrapper::CreateInstance+0x1d [c:\moz\mozilla-central\xpcom\components\nsComponentManager.cpp @ 177] 
06 0000006b`807fc7b0 00007fff`278aa6a8 xul!nsComponentManagerImpl::GetServiceLocked+0x3c8 [c:\moz\mozilla-central\xpcom\components\nsComponentManager.cpp @ 1278] 
07 0000006b`807fc960 00007fff`2789d33e xul!nsComponentManagerImpl::GetService+0x158 [c:\moz\mozilla-central\xpcom\components\nsComponentManager.cpp @ 1368] 
08 0000006b`807fca00 00007fff`278289a2 xul!mozilla::xpcom::GetServiceHelper::operator()+0x1e [c:\moz\mozilla-central\obj-x86_64-pc-mingw32\xpcom\components\StaticComponents.cpp @ 12892] 
09 0000006b`807fca30 00007fff`285e0dbc xul!nsCOMPtr_base::assign_from_helper+0x32 [c:\moz\mozilla-central\xpcom\base\nsCOMPtr.cpp @ 109] 
0a (Inline Function) --------`-------- xul!nsCOMPtr<nsIGfxInfo>::operator=+0x16 [c:\moz\mozilla-central\obj-x86_64-pc-mingw32\dist\include\nsCOMPtr.h @ 787] 
0b 0000006b`807fca80 00007fff`285e1a7a xul!gfxPlatform::Init+0x64c [c:\moz\mozilla-central\gfx\thebes\gfxPlatform.cpp @ 898] 
0c 0000006b`807fcc40 00007fff`29c2a67c xul!gfxPlatform::InitChild+0x1a [c:\moz\mozilla-central\gfx\thebes\gfxPlatform.cpp @ 496] 
0d (Inline Function) --------`-------- xul!mozilla::dom::ContentChild::InitGraphicsDeviceData+0x8 [c:\moz\mozilla-central\dom\ipc\ContentChild.cpp @ 1213] 
0e 0000006b`807fcc70 00007fff`27ee39a5 xul!mozilla::dom::ContentChild::RecvSetXPCOMProcessAttributes+0x1bc [c:\moz\mozilla-central\dom\ipc\ContentChild.cpp @ 631]

00 0000006b`807fb758 00007fff`9c52896d win32u!NtUserEnumDisplaySettings
01 0000006b`807fb760 00007fff`29f87ae0 USER32!EnumDisplaySettingsExW+0xad
02 0000006b`807fb7c0 00007fff`29f867d8 xul!mozilla::widget::GfxInfo::RefreshMonitors+0x160 [c:\moz\mozilla-central\widget\windows\GfxInfo.cpp @ 924] 
03 0000006b`807fbc80 00007fff`27895671 xul!mozilla::widget::GfxInfo::Init+0x18d8 [c:\moz\mozilla-central\widget\windows\GfxInfo.cpp @ 873] 
04 0000006b`807fc6f0 00007fff`278aa258 xul!mozilla::xpcom::CreateInstanceImpl+0xc31 [c:\moz\mozilla-central\obj-x86_64-pc-mingw32\xpcom\components\StaticComponents.cpp @ 9460] 
05 (Inline Function) --------`-------- xul!`anonymous namespace'::EntryWrapper::CreateInstance+0x1d [c:\moz\mozilla-central\xpcom\components\nsComponentManager.cpp @ 177] 
06 0000006b`807fc7b0 00007fff`278aa6a8 xul!nsComponentManagerImpl::GetServiceLocked+0x3c8 [c:\moz\mozilla-central\xpcom\components\nsComponentManager.cpp @ 1278] 
07 0000006b`807fc960 00007fff`2789d33e xul!nsComponentManagerImpl::GetService+0x158 [c:\moz\mozilla-central\xpcom\components\nsComponentManager.cpp @ 1368] 
08 0000006b`807fca00 00007fff`278289a2 xul!mozilla::xpcom::GetServiceHelper::operator()+0x1e [c:\moz\mozilla-central\obj-x86_64-pc-mingw32\xpcom\components\StaticComponents.cpp @ 12892] 
09 0000006b`807fca30 00007fff`285e0dbc xul!nsCOMPtr_base::assign_from_helper+0x32 [c:\moz\mozilla-central\xpcom\base\nsCOMPtr.cpp @ 109] 
0a (Inline Function) --------`-------- xul!nsCOMPtr<nsIGfxInfo>::operator=+0x16 [c:\moz\mozilla-central\obj-x86_64-pc-mingw32\dist\include\nsCOMPtr.h @ 787] 
0b 0000006b`807fca80 00007fff`285e1a7a xul!gfxPlatform::Init+0x64c [c:\moz\mozilla-central\gfx\thebes\gfxPlatform.cpp @ 898] 
0c 0000006b`807fcc40 00007fff`29c2a67c xul!gfxPlatform::InitChild+0x1a [c:\moz\mozilla-central\gfx\thebes\gfxPlatform.cpp @ 496] 
0d (Inline Function) --------`-------- xul!mozilla::dom::ContentChild::InitGraphicsDeviceData+0x8 [c:\moz\mozilla-central\dom\ipc\ContentChild.cpp @ 1213] 
0e 0000006b`807fcc70 00007fff`27ee39a5 xul!mozilla::dom::ContentChild::RecvSetXPCOMProcessAttributes+0x1bc [c:\moz\mozilla-central\dom\ipc\ContentChild.cpp @ 631]

00 0000006b`807fb3e8 00007fff`9c54726a win32u!NtUserEnumDisplayDevices
01 0000006b`807fb3f0 00007fff`29f87aa8 USER32!EnumDisplayDevicesW+0x6a
02 0000006b`807fb7c0 00007fff`29f867d8 xul!mozilla::widget::GfxInfo::RefreshMonitors+0x128 [c:\moz\mozilla-central\widget\windows\GfxInfo.cpp @ 913] 
03 0000006b`807fbc80 00007fff`27895671 xul!mozilla::widget::GfxInfo::Init+0x18d8 [c:\moz\mozilla-central\widget\windows\GfxInfo.cpp @ 873] 
04 0000006b`807fc6f0 00007fff`278aa258 xul!mozilla::xpcom::CreateInstanceImpl+0xc31 [c:\moz\mozilla-central\obj-x86_64-pc-mingw32\xpcom\components\StaticComponents.cpp @ 9460] 
05 (Inline Function) --------`-------- xul!`anonymous namespace'::EntryWrapper::CreateInstance+0x1d [c:\moz\mozilla-central\xpcom\components\nsComponentManager.cpp @ 177] 
06 0000006b`807fc7b0 00007fff`278aa6a8 xul!nsComponentManagerImpl::GetServiceLocked+0x3c8 [c:\moz\mozilla-central\xpcom\components\nsComponentManager.cpp @ 1278] 
07 0000006b`807fc960 00007fff`2789d33e xul!nsComponentManagerImpl::GetService+0x158 [c:\moz\mozilla-central\xpcom\components\nsComponentManager.cpp @ 1368] 
08 0000006b`807fca00 00007fff`278289a2 xul!mozilla::xpcom::GetServiceHelper::operator()+0x1e [c:\moz\mozilla-central\obj-x86_64-pc-mingw32\xpcom\components\StaticComponents.cpp @ 12892] 
09 0000006b`807fca30 00007fff`285e0dbc xul!nsCOMPtr_base::assign_from_helper+0x32 [c:\moz\mozilla-central\xpcom\base\nsCOMPtr.cpp @ 109] 
0a (Inline Function) --------`-------- xul!nsCOMPtr<nsIGfxInfo>::operator=+0x16 [c:\moz\mozilla-central\obj-x86_64-pc-mingw32\dist\include\nsCOMPtr.h @ 787] 
0b 0000006b`807fca80 00007fff`285e1a7a xul!gfxPlatform::Init+0x64c [c:\moz\mozilla-central\gfx\thebes\gfxPlatform.cpp @ 898] 
0c 0000006b`807fcc40 00007fff`29c2a67c xul!gfxPlatform::InitChild+0x1a [c:\moz\mozilla-central\gfx\thebes\gfxPlatform.cpp @ 496] 
0d (Inline Function) --------`-------- xul!mozilla::dom::ContentChild::InitGraphicsDeviceData+0x8 [c:\moz\mozilla-central\dom\ipc\ContentChild.cpp @ 1213] 
0e 0000006b`807fcc70 00007fff`27ee39a5 xul!mozilla::dom::ContentChild::RecvSetXPCOMProcessAttributes+0x1bc [c:\moz\mozilla-central\dom\ipc\ContentChild.cpp @ 631]

Assignee: nobody → cmartin
Status: NEW → ASSIGNED
Severity: -- → S4
Priority: -- → P2

The fix to Bug 1698732 will fix this as well

Depends on: 1698732

Fixed by Bug 1698732

Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED