Closed
Bug 1753817
Opened 3 years ago
Closed 3 years ago
Crash in [@ mozilla::dom::ToJSValue | mozilla::dom::RTCRtpReceiver_Binding::getStats_promiseWrapper]
Categories
(Core :: WebRTC: Signaling, defect, P4)
Tracking
()
RESOLVED
DUPLICATE
of bug 1753938
| Tracking | Status | |
|---|---|---|
| firefox-esr91 | --- | unaffected |
| firefox96 | --- | unaffected |
| firefox97 | --- | unaffected |
| firefox98 | + | fixed |
People
(Reporter: aryx, Unassigned)
References
(Regression)
Details
(Keywords: crash)
Crash Data
27 crashes from 4+ installations, oldest is Firefox 98.0a1 20220202093701
Crash report: https://crash-stats.mozilla.org/report/index/5e93a8bd-d7d8-4646-8433-9e20e0220205
Reason: EXCEPTION_ACCESS_VIOLATION_READ
Top 4 frames of crashing thread:
0 xul.dll mozilla::dom::ToJSValue dom/bindings/ToJSValue.cpp:64
1 xul.dll mozilla::dom::RTCRtpReceiver_Binding::getStats_promiseWrapper dom/bindings/RTCRtpReceiverBinding.cpp:141
2 xul.dll mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::NormalThisPolicy, mozilla::dom::binding_detail::ConvertExceptionsToPromises> dom/bindings/BindingUtils.cpp:3306
3 None @0x000002388681a8de
Flags: needinfo?(bvandyk)
|
||
Updated•3 years ago
|
Flags: needinfo?(bvandyk) → needinfo?(na-g)
|
||
Updated•3 years ago
|
Has Regression Range: --- → yes
|
||
Comment 1•3 years ago
|
||
This looks like a null deref, so I'd guess it isn't a security bug. Maybe something's returning null through in a place where the WebIDL doesn't expect it to be null?
|
||
Updated•3 years ago
|
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → DUPLICATE
|
|
||
Updated•3 years ago
|
Group: media-core-security
|
|
||
Updated•3 years ago
|
|
||
Updated•2 years ago
|
Severity: S2 → S4
Flags: needinfo?(na-g)
Priority: -- → P4
You need to log in
before you can comment on or make changes to this bug.
Description
•