1700373 - Crash in [@ mozilla::net::DNSHTTPSSVCRecordBase::HasIPAddressesInternal]

Status: RESOLVED DUPLICATE of bug 1700091

(Core :: Networking, defect)

Description

[Gabriele Svelto [:gsvelto]]

Maybe Fission related. (DOMFissionEnabled=1)

Crash report: https://crash-stats.mozilla.org/report/index/6dc2d963-1df4-42c3-aa4c-ea2f60210320

Reason: EXCEPTION_ACCESS_VIOLATION_READ

Top 10 frames of crashing thread:

0 xul.dll mozilla::net::DNSHTTPSSVCRecordBase::HasIPAddressesInternal netwerk/dns/HTTPSSVC.cpp:418
1 xul.dll TypeHostRecord::GetHasIPAddresses netwerk/dns/nsHostResolver.cpp:638
2 xul.dll mozilla::net::nsHttpChannel::OnHTTPSRRAvailable netwerk/protocol/http/nsHttpChannel.cpp:9124
3 xul.dll std::_Func_impl_no_alloc<`lambda at /builds/worker/checkouts/gecko/netwerk/protocol/http/nsHttpChannel.cpp:6871:11', void, nsIDNSHTTPSSVCRecord*>::_Do_call 
4 xul.dll `anonymous namespace'::HTTPSRRListener::OnLookupComplete netwerk/base/nsDNSPrefetch.cpp:119
5 xul.dll mozilla::detail::RunnableFunction<`lambda at /builds/worker/checkouts/gecko/netwerk/dns/DNSListenerProxy.cpp:28:30'>::Run xpcom/threads/nsThreadUtils.h:534
6 xul.dll mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal xpcom/threads/TaskController.cpp:760
7 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:1155
8 xul.dll mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:87
9 xul.dll MessageLoop::RunHandler ipc/chromium/src/base/message_loop.cc:328

This is a use-after-free crash affecting all platforms. I've opened several crashes from macOS, Linux and Windows and all have the poison pattern present in at least two registers. Presumably aRecords points to a freed array.