Closed Bug 452601 Opened 17 years ago Closed 15 years ago

crash caused by execution of flash disguised as an image

Categories

(Core Graveyard :: Plug-ins, defect)

x86
Linux
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 485125

People

(Reporter: guninski, Assigned: karlt)

Details

(Whiteboard: [sg:critical?][needs retesting on Linux])

See bug 452600. On browser exit with the testcase loaded there is a crash:

#5 <signal handler called>
#6 0xb7b535fc in gtk_widget_hide () from /usr/lib/libgtk-x11-2.0.so.0
#7 0xaeea5ebb in ?? () from /home/joro-pub/inst/install_flash_player_9_linux/libflashplayer.so
#8 0xaee9b418 in ?? () from /home/joro-pub/inst/install_flash_player_9_linux/libflashplayer.so
#9 0xaee94261 in ?? () from /home/joro-pub/inst/install_flash_player_9_linux/libflashplayer.so
#10 0xaee98a17 in ?? () from /home/joro-pub/inst/install_flash_player_9_linux/libflashplayer.so
#11 0x08384f64 in ns4xPluginInstance::Stop (this=0xb01529c0) at /opt/pub/firefox-central/src/modules/plugin/base/src/ns4xPluginInstance.cpp:956
#12 0x084fbc03 in DoStopPlugin (aInstanceOwner=0xb018c400, aDelayedStop=0) at /opt/pub/firefox-central/src/layout/generic/nsObjectFrame.cpp:1870
#13 0x084fc1dc in nsStopPluginRunnable::Run (this=0xafade540)

(gdb) frame 6
#6 0xb7b535fc in gtk_widget_hide () from /usr/lib/libgtk-x11-2.0.so.0
(gdb) x/i $pc
0xb7b535fc <gtk_widget_hide+44>: cmp %eax,(%edx)
(gdb) p/x $edx
$1 = 0x1
Whiteboard: [sg:investigate]
Component: Security → Plug-ins
Product: Firefox → Core
Saw a similar crash with Java. Disassembly showed cmp %eax,(%edx); %edx was 0x5a5a5a5a.
Whiteboard: [sg:investigate] → [sg:critical?][needs retesting on Linux]
Assignee: nobody → karlt
This is what I'd expect from bug 485125.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
Group: core-security
Product: Core → Core Graveyard