Closed Bug 542742 Opened 14 years ago Closed 13 years ago

Web Worker Array Handling OOM crash [@ nsDOMWorker::PostMessageInternal | operator new]

Categories

(Core :: General, defect)

Product:
Core
Component:
General
Platform:
x86
Windows Vista
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: whimboo, Unassigned)

Details

(Keywords: crash, testcase)

Crash Data

Attachments

(1 file)

WindDBG stack
21.40 KB, text/plain
Details
Attached file WindDBG stack 
+++ This bug was initially created as a clone of Bug #533000 +++

Running the POC testcase attached to bug 533000 will cause Firefox to crash due to OOM after a couple of minutes.

BUCKET_ID:  e06d7363_MOZCRT19!operator_new+73
FAILURE_BUCKET_ID:  APPLICATION_FAULT_e06d7363_MOZCRT19.dll!operator_new
When running out of memory causes |operator new| to crash, it's not an exploitable crash.  We're trying to do that more, not less.
Group: core-security
blocking2.0: ? → ---
Keywords: testcase
Summary: Web Worker Array Handling OOM crash → Web Worker Array Handling OOM crash [@ nsDOMWorker::PostMessageInternal | operator new]
Crash Signature: [@ nsDOMWorker::PostMessageInternal | operator new]
WFM.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: