Closed Bug 555139 (CVE-2010-1122) Opened 15 years ago Closed 13 years ago

non-WOFF crashes [@ nsCOMPtr_base::assign_assuming_AddRef(nsISupports*) | nsInputStreamPump::OnStateStop() ]

Categories

(Core :: Graphics: ImageLib, defect)

Product:
Core
Component:
Graphics: ImageLib
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: chofmann, Unassigned)

Details

(Keywords: crash)

Crash Data

spin off of Bug 552216 comment 7 and 8. this might become CVE-2010-1122 there have only been a handful of crashes outside the WOFF fixed by that bug. None of the URLs in the crash data seem to be reproducible crashes so we might need code inspection of other decompression areas of the code to take the investigation further. Here are links to crash reports and test urls since the first of the year for the non-3.6 crashes 20100113-crashdata.csv:nsCOMPtr_base::assign_assuming_AddRef(nsISupports*) | nsInputStreamPump::OnStateStop() 3.5.7 http://crash-stats.mozilla.com/report/index/5dd54545-5460-4b87-aead-24dac2100113 http://www.newegg.com/Product/ImageGallery.aspx?CurImage=22-152-213-S01&SCList=22-152-213-S01&S7ImageFlag=2&Item=N82E16822152213R&Depa=99&WaterMark=1&Description=SAMSUNG%20Story%20Station%201.5TB%20External%20Hard%20Drive%20HX-DU015EB%2fA62 20100121-crashdata.csv:nsCOMPtr_base::assign_assuming_AddRef(nsISupports*) | nsInputStreamPump::OnStateStop() 3.5.7 http://crash-stats.mozilla.com/report/index/4007f70c-c576-4b4a-b30e-9f3122100121 20100301-crashdata.csv:nsCOMPtr_base::assign_assuming_AddRef(nsISupports*) | nsInputStreamPump::OnStateStop() 3.5.8 http://crash-stats.mozilla.com/report/index/03ccb7e8-79ec-49b8-a38f-6f65f2100301 http://www.google.es/ig?sourceid=navclient&hl=es&ie=UTF-8 20100301-crashdata.csv:nsCOMPtr_base::assign_assuming_AddRef(nsISupports*) | nsInputStreamPump::OnStateStop() 3.5.8 http://crash-stats.mozilla.com/report/index/b1ab0b18-0e4a-4545-8be4-382692100301 http://www.google.co.uk/#hl=en&q=winter+++fishing+for+rainbow+trout&meta=cr%3DcountryUK%7CcountryGB&aq=&oq=winter+++fishing+for+rainbow+trout&fp=c6c9946001627c7b 20100307-crashdata.csv:nsCOMPtr_base::assign_assuming_AddRef(nsISupports*) | nsInputStreamPump::OnStateStop() 3.5.8 http://crash-stats.mozilla.com/report/index/e2338dcb-be3f-442e-8662-ab1352100307 http://suchen.mobile.de/fahrzeuge/search.html?isSearchRequest=true&sortOption.sortBy=price.consumerGrossEuro&sortOption.sortOrder=ASCENDING&lang=de&scopeId=C&_features=on&bodyStyleRadio=on&categories=SportsCar&makeModelVariant1.makeId=3500&makeModelVarian 20100309-crashdata.csv:nsCOMPtr_base::assign_assuming_AddRef(nsISupports*) | nsInputStreamPump::OnStateStop() 3.7a3pre http://crash-stats.mozilla.com/report/index/af8bfac2-3e95-4c33-ae30-8f96b2100309 http://www.torrentino.ru/search/12 20100313-crashdata.csv:nsCOMPtr_base::assign_assuming_AddRef(nsISupports*) | nsInputStreamPump::OnStateStop() 3.6.2pre http://crash-stats.mozilla.com/report/index/37919069-18f3-4289-aa5d-33b6a2100313 http://localhost:8080/1.html 20100323-crashdata.csv:nsCOMPtr_base::assign_assuming_AddRef(nsISupports*) | nsInputStreamPump::OnStateStop() 3.6.2 http://crash-stats.mozilla.com/report/index/f04a1aa1-aa7a-46f2-8626-47d1a2100323
http://mxr.mozilla.org/mozilla1.9.2/search?string=uncompress might be the candidate areas for examination. the list gets a whole lot smaller if the search is restricted to png and libpr0n and a few other areas.
Keywords: crash
OS: Mac OS X → All
Hardware: x86 → All
Alias: CVE-2010-1122
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1122 is public so no reason to keep this closed. the remain issues from bug 552216 are tracked here so the CVE should be updated.
Group: core-security
Crash Signature: [@ nsCOMPtr_base::assign_assuming_AddRef(nsISupports*) | nsInputStreamPump::OnStateStop() ]
I don't see reports of this anymore recently.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.