Closed Bug 452601 Opened 16 years ago Closed 14 years ago

crash caused by execution of flash disguised as an image

Categories

(Core Graveyard :: Plug-ins, defect)

x86
Linux
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 485125

People

(Reporter: guninski, Assigned: karlt)

Details

(Whiteboard: [sg:critical?][needs retesting on Linux])

See bug 452600.
On browser exit with the testcase loaded there is a crash.

#5  <signal handler called>
#6  0xb7b535fc in gtk_widget_hide () from /usr/lib/libgtk-x11-2.0.so.0
#7  0xaeea5ebb in ?? ()
   from /home/joro-pub/inst/install_flash_player_9_linux/libflashplayer.so
#8  0xaee9b418 in ?? ()
   from /home/joro-pub/inst/install_flash_player_9_linux/libflashplayer.so
#9  0xaee94261 in ?? ()
   from /home/joro-pub/inst/install_flash_player_9_linux/libflashplayer.so
#10 0xaee98a17 in ?? ()
   from /home/joro-pub/inst/install_flash_player_9_linux/libflashplayer.so
#11 0x08384f64 in ns4xPluginInstance::Stop (this=0xb01529c0)
    at /opt/pub/firefox-central/src/modules/plugin/base/src/ns4xPluginInstance.cpp:956
#12 0x084fbc03 in DoStopPlugin (aInstanceOwner=0xb018c400, aDelayedStop=0)
    at /opt/pub/firefox-central/src/layout/generic/nsObjectFrame.cpp:1870
#13 0x084fc1dc in nsStopPluginRunnable::Run (this=0xafade540)

(gdb) frame 6
#6  0xb7b535fc in gtk_widget_hide () from /usr/lib/libgtk-x11-2.0.so.0
(gdb) x/i $pc
0xb7b535fc <gtk_widget_hide+44>:	cmp    %eax,(%edx)
(gdb) p/x $edx
$1 = 0x1
Whiteboard: [sg:investigate]
Component: Security → Plug-ins
Product: Firefox → Core
Saw a similar crash with Java.

Disassembly showed
cmp    %eax,(%edx)
%edx was 0x5a5a5a5a
Whiteboard: [sg:investigate] → [sg:critical?][needs retesting on Linux]
Assignee: nobody → karlt
This is what I'd expect from bug 485125.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
Group: core-security
Product: Core → Core Graveyard