Closed Bug 1840136 Opened 2 years ago Closed 2 years ago

Crash in [@ mozilla::ipc::DataPipeReceiver::AsyncWait::<T>::operator()]

Categories

(Core :: DOM: Workers, defect)

Tracking

RESOLVED DUPLICATE of bug 1839703
Tracking Status
firefox-esr102 --- unaffected
firefox114 --- wontfix
firefox115 --- wontfix
firefox116 --- fixed

People

(Reporter: aryx, Unassigned)

Details

(Keywords: crash)

Crash Data

Crash signature new in Firefox 114.0.x with a use-after-free address. 139 crashes from 92 installations for 114.0.x.

Crash report: https://crash-stats.mozilla.org/report/index/afe16f8b-2e90-4664-892c-277ee0230622

Reason: EXCEPTION_ACCESS_VIOLATION_READ

Top 10 frames of crashing thread:

0  xul.dll  mozilla::ipc::DataPipeReceiver::AsyncWait::<lambda_8>::operator const  ipc/glue/DataPipe.cpp:660
0  xul.dll  NS_NewCancelableRunnableFunction<`lambda at /builds/worker/checkouts/gecko/ipc/glue/DataPipe.cpp:656:23'>::FuncCancelableRunnable::Run  xpcom/threads/nsThreadUtils.h:667
1  xul.dll  mozilla::dom::  dom/workers/WorkerPrivate.cpp:202
2  xul.dll  mozilla::dom::WorkerRunnable::Run  dom/workers/WorkerRunnable.cpp:377
3  xul.dll  nsThread::ProcessNextEvent  xpcom/threads/nsThread.cpp:1234
3  xul.dll  NS_ProcessNextEvent  xpcom/threads/nsThreadUtils.cpp:479
4  xul.dll  mozilla::dom::WorkerPrivate::DoRunLoop  dom/workers/WorkerPrivate.cpp:3287
5  xul.dll  mozilla::dom::workerinternals::  dom/workers/RuntimeService.cpp:2149
6  xul.dll  nsThread::ProcessNextEvent  xpcom/threads/nsThread.cpp:1234
6  xul.dll  NS_ProcessNextEvent  xpcom/threads/nsThreadUtils.cpp:479

Jan, please take a look at this security bug.

Flags: needinfo?(jvarga)
Status: NEW → RESOLVED
Closed: 2 years ago
Duplicate of bug: CVE-2023-3600
Resolution: --- → DUPLICATE

A dupe.

Flags: needinfo?(jvarga)
Group: dom-core-security