Closed
Bug 1867983
Opened 6 months ago
Closed 6 months ago
Crash in [@ libgdk-3.so.0@0x55ade] called from ~NativeLayerRootWayland()
Categories
(Core :: Widget: Gtk, defect)
RESOLVED DUPLICATE of bug 1868038
| Tracking | Status |
---|---|---|
firefox122 | --- | fixed |
People
(Reporter: release-mgmt-account-bot, Unassigned)
References
(Blocks 1 open bug)
Details
(4 keywords, Whiteboard: [adv-main122-])
Crash Data
Crash report: https://crash-stats.mozilla.org/report/index/5405cf22-747c-4c93-8937-1e9910231202
Reason: SIGSEGV / SI_KERNEL
Top 10 frames of crashing thread:
0 libgdk-3.so.0 libgdk-3.so.0@0x55ade
1 libxul.so mozilla::layers::NativeLayerRootWayland::~NativeLayerRootWayland gfx/layers/NativeLayerWayland.cpp:79
2 libxul.so mozilla::layers::NativeLayerRoot::Release gfx/layers/NativeLayer.h:47
2 libxul.so mozilla::RefPtrTraits<mozilla::layers::NativeLayerRootWayland>::Release mfbt/RefPtr.h:54
2 libxul.so RefPtr<mozilla::layers::NativeLayerRootWayland>::ConstRemovingRefPtrTraits<mozilla::layers::NativeLayerRootWayland>::Release mfbt/RefPtr.h:420
2 libxul.so RefPtr<mozilla::layers::NativeLayerRootWayland>::~RefPtr mfbt/RefPtr.h:85
2 libxul.so mozilla::widget::GtkCompositorWidget::~GtkCompositorWidget widget/gtk/GtkCompositorWidget.cpp:64
3 libxul.so mozilla::widget::InProcessGtkCompositorWidget::~InProcessGtkCompositorWidget widget/gtk/InProcessGtkCompositorWidget.h:16
4 libxul.so mozilla::widget::CompositorWidget::Release widget/CompositorWidget.h:90
4 libxul.so mozilla::RefPtrTraits<mozilla::widget::CompositorWidget>::Release mfbt/RefPtr.h:54
By querying Nightly crashes reported within the last 2 months, here are some insights about the signature:
- First crash report: 2023-11-28
- Process type: Parent
- Is startup crash: No
- Has user comments: Yes
- Is null crash: No
- Is use after free crash: Yes - all crashes happened on or near an allocator poison value
Updated•6 months ago
Group: core-security → dom-core-security
Component: General → Widget: Gtk
Updated•6 months ago
Group: dom-core-security → layout-core-security
Comment 1•6 months ago
UAF crash in the parent, first seen in the 20231127092818 build. Did we change something in our Wayland-related code just before then? Very low volume, and not seen after Nov 29 builds, so maybe it got fixed.
Summary: Crash in [@ libgdk-3.so.0@0x55ade] → Crash in [@ libgdk-3.so.0@0x55ade] called from ~NativeLayerRootWayland()
Updated•5 months ago
Group: layout-core-security
Updated•5 months ago
Whiteboard: [adv-main122-]