Closed Bug 575102 Opened 14 years ago Closed 14 years ago

Crash [@ nsPersonalbarProp::GetVisible] with showModalDialog and personalbar

Categories: Core :: DOM: Core & HTML (defect)
Platform: x86, Windows 7
Type: defect
Priority: Not set
Severity: critical
Status: RESOLVED FIXED
Tracking Status:
status1.9.2 --- .11-fixed
status1.9.1 --- .14-fixed
Reporter: martijn.martijn
Assignee: Unassigned
Keywords: crash, regression, testcase
Whiteboard: [sg:dupe 588929]
Attachments: 1 file

Attached file testcase
See testcase, which crashes Mozilla in current trunk build. I suspect this is a regression from bug 194404.

http://crash-stats.mozilla.com/report/index/bp-4b2ef887-3e42-45f5-933d-d52442100627
0  	 	@0x89d4400  	
1 	xul.dll 	nsPersonalbarProp::GetVisible 	dom/base/nsBarProps.cpp:225
2 	xul.dll 	NS_InvokeByIndex_P 	xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:102
3 	xul.dll 	XPC_WN_GetterSetter 	js/src/xpconnect/src/xpcwrappednativejsops.cpp:1833
4 	mozjs.dll 	js_Invoke 	js/src/jsinterp.cpp:654
5 	mozjs.dll 	js_InternalInvoke 	js/src/jsinterp.cpp:694
6 	mozjs.dll 	js_NativeGet 	js/src/jsobj.cpp:4758
7 	mozjs.dll 	js_Interpret 	js/src/jsops.cpp:1479
8 	mozjs.dll 	js_Invoke 	js/src/jsinterp.cpp:664
9 	mozjs.dll 	js_InternalInvoke 	js/src/jsinterp.cpp:694
10 	mozjs.dll 	JS_CallFunctionValue 	js/src/jsapi.cpp:4634
11 	xul.dll 	nsJSContext::CallEventHandler 	dom/base/nsJSEnvironment.cpp:2204
12 	xul.dll 	nsGlobalWindow::RunTimeout 	dom/base/nsGlobalWindow.cpp:8631
13 	xul.dll 	nsGlobalWindow::TimerCallback 	dom/base/nsGlobalWindow.cpp:8975
14 	xul.dll 	nsTimerImpl::Fire 	xpcom/threads/nsTimerImpl.cpp:427
15 	xul.dll 	nsTimerEvent::Run 	xpcom/threads/nsTimerImpl.cpp:519
16 	xul.dll 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:547
17 	xul.dll 	mozilla::ipc::MessagePump::Run 	ipc/glue/MessagePump.cpp:118
18 	xul.dll 	MessageLoop::RunInternal 	ipc/chromium/src/base/message_loop.cc:216
19 	xul.dll 	MessageLoop::RunHandler 	ipc/chromium/src/base/message_loop.cc:199
20 	xul.dll 	xul.dll@0x313e63 	
21 	xul.dll 	MessageLoop::Run 	ipc/chromium/src/base/message_loop.cc:173
22 	xul.dll 	nsBaseAppShell::Run 	widget/src/xpwidgets/nsBaseAppShell.cpp:175
23 	xul.dll 	xul.dll@0xa0d5c3 	
24 	xul.dll 	nsAppStartup::Run 	toolkit/components/startup/src/nsAppStartup.cpp:192
25 	xul.dll 	XRE_main 	toolkit/xre/nsAppRunner.cpp:3624
26 	firefox.exe 	wmain 	toolkit/xre/nsWindowsWMain.cpp:120
27 	firefox.exe 	__tmainCRTStartup 	obj-firefox/memory/jemalloc/crtsrc/crtexe.c:591
28 	kernel32.dll 	kernel32.dll@0x51193 	
29 	ntdll.dll 	__RtlUserThreadStart 	
30 	ntdll.dll 	_RtlUserThreadStart
The stack trace (executing random @0x89d4400) clearly looks like a security bug.
Group: core-security
Whiteboard: [sg:critical]
Isn't this the same as https://bugzilla.mozilla.org/show_bug.cgi?id=588929?
mw22, could you test the patch in that one?
Hopefully the same (I noticed this one due to Martijn's comment in that bug), but I wanted to flag it in case it's not.
Depends on: CVE-2010-3180
Whiteboard: [sg:critical] → [sg:critical] fixed by 588929? dupe?
Now that Bug 588929 is fixed, I can't reproduce this anymore.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Whiteboard: [sg:critical] fixed by 588929? dupe? → [sg:dupe 588929]
Group: core-security
Crash Signature: [@ nsPersonalbarProp::GetVisible]
Component: DOM → DOM: Core & HTML