Closed Bug 575102 Opened 15 years ago Closed 15 years ago

Crash [@ nsPersonalbarProp::GetVisible] with showModalDialog and personalbar

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Platform:
x86
Windows 7
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
status1.9.2 --- .11-fixed
status1.9.1 --- .14-fixed

People

(Reporter: martijn.martijn, Unassigned)

References

Details

(Keywords: crash, regression, testcase, Whiteboard: [sg:dupe 588929])

Crash Data

Attachments

(1 file)

testcase
418 bytes, text/html
Details
Attached file testcase
See testcase, which crashes Mozilla in current trunk build. I suspect this is a regression from bug 194404. http://crash-stats.mozilla.com/report/index/bp-4b2ef887-3e42-45f5-933d-d52442100627 0 @0x89d4400 1 xul.dll nsPersonalbarProp::GetVisible dom/base/nsBarProps.cpp:225 2 xul.dll NS_InvokeByIndex_P xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:102 3 xul.dll XPC_WN_GetterSetter js/src/xpconnect/src/xpcwrappednativejsops.cpp:1833 4 mozjs.dll js_Invoke js/src/jsinterp.cpp:654 5 mozjs.dll js_InternalInvoke js/src/jsinterp.cpp:694 6 mozjs.dll js_NativeGet js/src/jsobj.cpp:4758 7 mozjs.dll js_Interpret js/src/jsops.cpp:1479 8 mozjs.dll js_Invoke js/src/jsinterp.cpp:664 9 mozjs.dll js_InternalInvoke js/src/jsinterp.cpp:694 10 mozjs.dll JS_CallFunctionValue js/src/jsapi.cpp:4634 11 xul.dll nsJSContext::CallEventHandler dom/base/nsJSEnvironment.cpp:2204 12 xul.dll nsGlobalWindow::RunTimeout dom/base/nsGlobalWindow.cpp:8631 13 xul.dll nsGlobalWindow::TimerCallback dom/base/nsGlobalWindow.cpp:8975 14 xul.dll nsTimerImpl::Fire xpcom/threads/nsTimerImpl.cpp:427 15 xul.dll nsTimerEvent::Run xpcom/threads/nsTimerImpl.cpp:519 16 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:547 17 xul.dll mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:118 18 xul.dll MessageLoop::RunInternal ipc/chromium/src/base/message_loop.cc:216 19 xul.dll MessageLoop::RunHandler ipc/chromium/src/base/message_loop.cc:199 20 xul.dll xul.dll@0x313e63 21 xul.dll MessageLoop::Run ipc/chromium/src/base/message_loop.cc:173 22 xul.dll nsBaseAppShell::Run widget/src/xpwidgets/nsBaseAppShell.cpp:175 23 xul.dll xul.dll@0xa0d5c3 24 xul.dll nsAppStartup::Run toolkit/components/startup/src/nsAppStartup.cpp:192 25 xul.dll XRE_main toolkit/xre/nsAppRunner.cpp:3624 26 firefox.exe wmain toolkit/xre/nsWindowsWMain.cpp:120 27 firefox.exe __tmainCRTStartup obj-firefox/memory/jemalloc/crtsrc/crtexe.c:591 28 kernel32.dll kernel32.dll@0x51193 29 ntdll.dll __RtlUserThreadStart 30 ntdll.dll _RtlUserThreadStart
The stack trace (executing random @0x89d4400) clearly looks like a security bug.
Group: core-security
Whiteboard: [sg:critical]
Isn't this the same as https://bugzilla.mozilla.org/show_bug.cgi?id=588929? mw22, could you test the patch in that one?
Hopefully the same (I noticed this one due to Martijn's comment in that bug), but I wanted to flag it in case it's not.
Depends on: CVE-2010-3180
Whiteboard: [sg:critical] → [sg:critical] fixed by 588929? dupe?
Now that Bug 588929 is fixed, I can't reproduce this anymore.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
status1.9.1: --- → .14-fixed
status1.9.2: --- → .11-fixed
Whiteboard: [sg:critical] fixed by 588929? dupe? → [sg:dupe 588929]
Group: core-security
Crash Signature: [@ nsPersonalbarProp::GetVisible]
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: