Closed
Bug 533964
Opened 15 years ago
Closed 15 years ago
Breakpoint starting at ntdll!DbgBreakPoint+0x0000000000000000 called from mozjs!js_Interpret+0x0000000000014a71
Categories
(Core :: JavaScript Engine, defect)
RESOLVED
DUPLICATE
of bug 533254
Tracking | Status | |
---|---|---|
blocking2.0 | --- | alpha1+ |
People
(Reporter: cbook, Unassigned)
Details
(Keywords: crash, Whiteboard: [crashkill-automation])
Steps to reproduce:
-> Latest 3.7 (trunk) debug build on windows (seems windows only)
-> Load http://map.naver.com/
-> Crash on Load

also related to Bug 533705 ?

(d10.d14): Break instruction exception - code 80000003 (!!! second chance !!!)
eax=00000062 ebx=7ffdf000 ecx=24f7783d edx=10313d38 esi=ffffffff edi=00240000
eip=7c90120e esp=0012d980 ebp=0012d984 iopl=0 nv up ei pl nz na pe nc
7c90120e cc int 3
0:000> cdb: Reading initial command '!load winext\msec.dll;.logappend;!exploitable;k;q'
Exploitability Classification: UNKNOWN
Recommended Bug Title: Breakpoint starting at ntdll!DbgBreakPoint+0x0000000000000000 called from mozjs!js_Interpret+0x0000000000014a71 (Hash=0x1c431c13.0x255d2b05)

While a breakpoint itself is probably not exploitable, it may also be an indication that an attacker is testing a target. In either case breakpoints should not exist in production code.

ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
0012d984 00543da1 ntdll!DbgBreakPoint
0012dfb8 0052ce62 mozjs!js_Interpret+0x14a71
0012e080 0051cb17 mozjs!js_Invoke+0x922
0012e0cc 0053eaad mozjs!js_fun_apply+0x2d7
0012e700 0052ce62 mozjs!js_Interpret+0xf77d
0012e7c8 0051cb17 mozjs!js_Invoke+0x922
0012e814 0053eaad mozjs!js_fun_apply+0x2d7
0012ee48 0052dce4 mozjs!js_Interpret+0xf77d
0012eed8 004d5099 mozjs!js_Execute+0x424
0012ef00 032dafe8 mozjs!JS_EvaluateUCScriptForPrincipals+0xe9
0012efbc 031392c7 gklayout!nsJSContext::EvaluateString+0x328
0012f0b4 03138c9f gklayout!nsScriptLoader::EvaluateScript+0x377
0012f178 031384d0 gklayout!nsScriptLoader::ProcessRequest+0x10f
0012f678 036482b9 gklayout!nsScriptLoader::ProcessScriptElement+0x10a0
0012f6ac 03660374 gklayout!nsScriptElement::MaybeProcessScript+0x149
0012f764 0366008f gklayout!nsHTMLScriptElement::MaybeProcessScript+0x24
0012f770 031f7cff gklayout!nsHTMLScriptElement::DoneAddingChildren+0x1f
0012f794 031f2bbd gklayout!HTMLContentSink::ProcessSCRIPTEndTag+0xcf
0012f7c8 031f5ff0 gklayout!SinkContext::CloseContainer+0x31d
0012f7e0 02a6fb7a gklayout!HTMLContentSink::CloseContainer+0xa0
quit:
Reporter
Comment 1•15 years ago
Oops, more testing shows it's a dupe of Bug 533254, sorry!
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
Updated•15 years ago
blocking2.0: ? → alpha1
Updated•15 years ago
Group: core-security