Closed Bug 503237 Opened 15 years ago Closed 13 years ago

Crash [@ imgLoader::GetCache] null pointer read

Product / Component: Core :: Graphics: ImageLib
Type: defect; Priority: Not set; Severity: critical
Status: RESOLVED WORKSFORME
Reporter: gfleischer+bugzilla; Assignee: Unassigned
Keywords: crash, testcase; Whiteboard: [sg:dos][ccbr]
Attachments: 2 files

User-Agent:       Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.9.0.11) Gecko/2009060214 Firefox/3.0.11
Build Identifier: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.1pre) Gecko/20090708 Shiretoko/3.5.1pre

Crash with null pointer read when loadImageWithChannel is called for image.

Reproducible: Always
Attached file testcase
Attached file stacktrace from WinDbg
Attachment #387592 - Attachment mime type: application/octet-stream → text/plain
Crashes in trunk:
http://crash-stats.mozilla.com/report/index/a35119e6-53d8-429f-ad92-0e8da2090709
0  	XUL  	imgLoader::LoadImageWithChannel  	 modules/libpr0n/src/imgLoader.cpp:542
1 	XUL 	nsImageLoadingContent::LoadImageWithChannel 	content/base/src/nsImageLoadingContent.cpp:450
2 	XUL 	NS_InvokeByIndex_P 	xpcom/reflect/xptcall/src/md/unix/xptcinvoke_unixish_x86.cpp:179
3 	XUL 	XPCWrappedNative::CallMethod 	js/src/xpconnect/src/xpcwrappednative.cpp:2691
4 	XUL 	XPC_WN_CallMethod 	js/src/xpconnect/src/xpcwrappednativejsops.cpp:1732
5 	libmozjs.dylib 	js_Invoke 	js/src/jsinterp.cpp:1389
6 	libmozjs.dylib 	js_Interpret 	js/src/jsinterp.cpp:5242
7 	libmozjs.dylib 	js_Invoke 	js/src/jsinterp.cpp:1397
8 	libmozjs.dylib 	js_InternalInvoke 	js/src/jsinterp.cpp:1469
9 	libmozjs.dylib 	JS_CallFunctionValue 	js/src/jsapi.cpp:5199
10 	XUL 	nsJSContext::CallEventHandler 	dom/base/nsJSEnvironment.cpp:2090
etc...

Also crashes in Firefox 3:
http://crash-stats.mozilla.com/report/index/f5737c21-d73d-4a53-8e9c-41f602090709?p=1
0  	XUL  	GetCacheSession  	 mozilla/modules/libpr0n/src/imgCache.cpp:140
1 	XUL 	imgCache::Get 	mozilla/modules/libpr0n/src/imgCache.cpp:265
2 	XUL 	imgLoader::LoadImageWithChannel 	mozilla/modules/libpr0n/src/imgLoader.cpp:577
3 	XUL 	nsImageLoadingContent::LoadImageWithChannel 	mozilla/content/base/src/nsImageLoadingContent.cpp:449
4 	XUL 	NS_InvokeByIndex_P 	mozilla/xpcom/reflect/xptcall/src/md/unix/xptcinvoke_unixish_x86.cpp:179
5 	XUL 	XPCWrappedNative::CallMethod 	mozilla/js/src/xpconnect/src/xpcwrappednative.cpp:2393
6 	XUL 	XPC_WN_CallMethod 	mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp:1473
7 	libmozjs.dylib 	js_Invoke 	mozilla/js/src/jsinvoke.c:1304
8 	libmozjs.dylib 	js_Interpret 	mozilla/js/src/jsinterp.c:4877
9 	libmozjs.dylib 	js_Invoke 	mozilla/js/src/jsinvoke.c:1320
10 	libmozjs.dylib 	js_InternalInvoke 	mozilla/js/src/jsinvoke.c:1376
11 	libmozjs.dylib 	JS_CallFunctionValue 	mozilla/js/src/jslong.c:5058
etc...
Status: UNCONFIRMED → NEW
Component: General → ImageLib
Ever confirmed: true
Keywords: crash, testcase
Product: Firefox → Core
QA Contact: general → imagelib
Version: unspecified → Trunk
Looks like we need to check to see if GetURI on the channel fails, and if it does, bail out. Not entirely sure why it would fail, but I suppose we can have all sorts of reasons for failure.
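Added illustration, not code from this bug or from Mozilla: the two call shapes the comment above contrasts. The XPCOM convention is that a method returns an nsresult and fills its out-parameter only on success, so a caller that ignores the return value can pass a still-null pointer to the next function; that is the shape of the crash in the imgCache::Get / GetCacheSession frames. FakeChannel, FakeURI and CacheLookup are minimal stand-ins defined here, not the real nsIChannel, nsIURI or imgCache, and the nsresult constants are used only as opaque values.

```cpp
// Stand-in types for the nsresult / out-parameter pattern (not XPCOM).
#include <cstdint>
#include <string>

typedef uint32_t nsresult;
const nsresult NS_OK = 0;
const nsresult NS_ERROR_NOT_AVAILABLE = 0x80040111;
// Failure bit, as in XPCOM: any nsresult with the top bit set is an error.
#define NS_FAILED(rv) (((rv) & 0x80000000) != 0)

// Stand-in for nsIURI: only what the cache lookup below needs.
struct FakeURI { std::string spec; };

// Stand-in for a channel whose GetURI can fail. On failure the
// out-parameter is left untouched, exactly as an XPCOM getter would.
struct FakeChannel {
  FakeURI* mURI;   // null models a channel that has no usable URI
  nsresult GetURI(FakeURI** aResult) {
    if (!mURI) return NS_ERROR_NOT_AVAILABLE;
    *aResult = mURI;
    return NS_OK;
  }
};

// Stand-in for imgCache::Get -> GetCacheSession: it reads the URI
// unconditionally, so a null URI here is the null pointer read.
static void CacheLookup(FakeURI* aURI, bool* aFound) {
  *aFound = aURI->spec.rfind("chrome:", 0) == 0;  // dereferences aURI
}

// Shape that crashes: the nsresult from GetURI is discarded and the
// still-null out-parameter flows into the cache lookup.
nsresult LoadImageWithChannel_Unchecked(FakeChannel* aChannel, bool* aFound) {
  FakeURI* uri = nullptr;
  aChannel->GetURI(&uri);    // return value ignored
  CacheLookup(uri, aFound);  // null deref whenever GetURI failed
  return NS_OK;
}

// Hardened shape, as the comment proposes: check the result and bail
// out before the URI is used.
nsresult LoadImageWithChannel_Checked(FakeChannel* aChannel, bool* aFound) {
  FakeURI* uri = nullptr;
  nsresult rv = aChannel->GetURI(&uri);
  if (NS_FAILED(rv) || !uri) {
    *aFound = false;
    return rv;   // propagate the failure instead of continuing with null
  }
  CacheLookup(uri, aFound);
  return NS_OK;
}

// Scenario helpers returning a verdict so the behaviour can be asserted.
// A channel with no URI: the checked loader must fail cleanly.
bool CheckedLoaderBailsOnMissingURI() {
  FakeChannel channel = { nullptr };
  bool found = true;
  nsresult rv = LoadImageWithChannel_Checked(&channel, &found);
  return NS_FAILED(rv) && !found;
}

// A channel with a URI: both loaders reach the cache lookup normally.
bool LoadersAgreeOnValidURI() {
  FakeURI uri = { "chrome://example/skin/constructed.png" };  // constructed sample
  FakeChannel channel = { &uri };
  bool foundChecked = false, foundUnchecked = false;
  nsresult rv1 = LoadImageWithChannel_Checked(&channel, &foundChecked);
  nsresult rv2 = LoadImageWithChannel_Unchecked(&channel, &foundUnchecked);
  return rv1 == NS_OK && rv2 == NS_OK && foundChecked && foundUnchecked;
}
```

Only the checked loader is exercised with the null-URI channel; calling the unchecked one on it reproduces the null read, which is the point of the contrast.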
We generally don't treat null derefs as security bugs.

Joe, there's a testcase :)
Group: core-security
Whiteboard: [ccbr]
Whiteboard: [ccbr] → [sg:dos][ccbr]
Crash Signature: [@ imgLoader::GetCache]
Testcase no longer exhibits crash, marking fixed.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Not clear what fixed it, so marking worksforme.
Resolution: FIXED → WORKSFORME