Closed Bug 549160 Opened 14 years ago Closed 13 years ago

Invalid write [@ TRun::CacheGlyphPositions]

Categories

(Core :: Graphics, defect)

Product:
Core
Component:
Graphics
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: jruderman, Unassigned)

References

Details

(Keywords: testcase, valgrind, Whiteboard: [sg:vector-critical (Apple)] rdar://7776410)

Attachments

(2 files)

testcase
86 bytes, text/html
Details
valgrind output
5.30 KB, text/plain
Details
Attached file testcase 
Tested with Firefox trunk (32-bit), Valgrind trunk, Mac OS X 10.5.

This happens in Core Text, so we'll want to tell Apple about it.
Attached file valgrind output 

    
    

    
  
Affects Firefox trunk but not Firefox 3.6.

    
    

    
  
Reported to Apple. rdar://7776410
Whiteboard: [sg:vector-critical (Apple)] → [sg:vector-critical (Apple)] rdar://7776410

    
    

    
  
Apple is treating this as a critical security issue.

    
    

    
  
I can't reproduce with Firefox trunk now, but I can still reproduce if I go back to Firefox 3.7a3.  I let Apple's product security team know.

    
    

    
  
In a June 2010 email exchange, Apple says this is most likely a fixed Firefox bug.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → WORKSFORME

    
  
Group: core-security → core-security-release
Group: core-security-release

          You need to log in
          before you can comment on or make changes to this bug.