Closed Bug 542742 Opened 16 years ago Closed 14 years ago

Web Worker Array Handling OOM crash [@ nsDOMWorker::PostMessageInternal | operator new]

Tracking

()

Status:

RESOLVED WORKSFORME

People

(Reporter: whimboo, Unassigned)

Details

(Keywords: crash, testcase)

Crash Data

Attachments

(1 file)

WindDBG stack 16 years ago Henrik Skupin [:whimboo][⌚️UTC+2] 21.40 KB, text/plain		Details

Henrik Skupin [:whimboo][⌚️UTC+2]

Reporter

Description

•

16 years ago

Attached file WindDBG stack — Details

+++ This bug was initially created as a clone of Bug #533000 +++ Running the POC testcase attached to bug 533000 will cause Firefox to crash due to OOM after a couple of minutes. BUCKET_ID: e06d7363_MOZCRT19!operator_new+73 FAILURE_BUCKET_ID: APPLICATION_FAULT_e06d7363_MOZCRT19.dll!operator_new

Jesse Ruderman

Comment 1

•

16 years ago

When running out of memory causes |operator new| to crash, it's not an exploitable crash. We're trying to do that more, not less.

Group: core-security

blocking2.0: ? → ---

Keywords: testcase

Summary: Web Worker Array Handling OOM crash → Web Worker Array Handling OOM crash [@ nsDOMWorker::PostMessageInternal | operator new]

Nobody; OK to take it and work on it

Assignee

Updated

•

14 years ago

Crash Signature: [@ nsDOMWorker::PostMessageInternal | operator new]

Ben Turner (not reading bugmail, use the needinfo flag!)

Comment 2

•

14 years ago

WFM.

Status: NEW → RESOLVED

Closed: 14 years ago

Resolution: --- → WORKSFORME

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Web Worker Array Handling OOM crash [@ nsDOMWorker::PostMessageInternal | operator new]

Categories

(Core :: General, defect)

Tracking

()

People

(Reporter: whimboo, Unassigned)

References

Details

(Keywords: crash, testcase)

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Comment 1

Updated

Comment 2

Attachment

General

Description

File Name

Content Type