Closed Bug 1751949 Opened 4 years ago Closed 4 years ago

AddressSanitizer: stack-use-after-scope [@ SandboxPrivate::cycleCollection::TraverseNative] with READ of size 8

Categories

(Core :: XPConnect, defect)

x86_64
Linux
defect
Not set
critical

Tracking

()

RESOLVED INCOMPLETE
Tracking Status
firefox98 --- affected

People

(Reporter: decoder, Unassigned)

Details

(Keywords: crash, regression)

Attachments

(1 file)

The attached crash information was submitted via the ASan Nightly Reporter on mozilla-central-asan-nightly revision 98.0a1-20220111213255-https://hg.mozilla.org/mozilla-central/rev/8f317a43f9f592d052af4d0922397cf9cb5c0c30.

For detailed crash information, see attachment.

Group: core-security → dom-core-security

The report seems to hint that nsCycleCollectionTraversalCallback is the 'stack-use-after-scope', but the stack has MayHaveChild and
MayHaveChild (stack) allocates ChildFinder, which is an nsCycleCollectionTraversalCallback. So clearly that object is still alive.
Am I missing something obvious?

There's not enough here to make sense. If we see this stack again we can start worrying.

Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → INCOMPLETE
Group: dom-core-security