Closed Bug 655138 Opened 9 years ago Closed 9 years ago

Invalid write [@ nsUserFontSet::ReplaceFontEntry]

Categories

(Core :: Graphics, defect, critical)

x86_64
Linux
defect
Not set
critical

RESOLVED FIXED

People

(Reporter: jruderman, Assigned: jfkthame)

Details

(Keywords: testcase, valgrind, Whiteboard: [sg:critical?])

Attachments

(3 files)

Loading layout/reftests/font-face/local-1.html under Valgrind gives me an invalid write (write after free) in nsUserFontSet::ReplaceFontEntry.
Whiteboard: [sg:critical?]
As usual, valgrind is right. Replacing the entry in mAvailableFonts can cause deletion of the old entry, so we mustn't try to use it after that.
Assignee: nobody → jfkthame
Attachment #530603 - Flags: review?(jdaggett)
Comment on attachment 530603
patch, don't use aOldFontEntry after it may have been released

Argh, sorry I missed this when reviewing previous patches.
Attachment #530603 - Flags: review?(jdaggett) → review+
http://hg.mozilla.org/mozilla-central/rev/c6f971864dde
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Group: core-security → core-security-release
Group: core-security-release
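
The lifetime problem described in this bug, modelled as an added example (this is not the Gecko patch or any code from the bug). `FontEntry`, `FontSet` and `Replace` are hypothetical stand-ins, and `std::shared_ptr` stands in for Gecko's reference counting. It shows that overwriting the slot destroys the old entry when the slot was its only owner, and two safe patterns: finish with the old entry before replacing it, or hold a strong reference across the replacement.

```cpp
#include <cstdio>
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Hypothetical stand-ins for illustration; these are not the Gecko classes.
struct FontEntry { std::string family; bool loaded; };

struct FontSet {
    // The slots hold the owning references to the entries.
    std::vector<std::shared_ptr<FontEntry>> available;
    int IndexOf(const FontEntry* e) const {
        for (size_t i = 0; i < available.size(); ++i)
            if (available[i].get() == e) return static_cast<int>(i);
        return -1;
    }
    // Safe ordering: every access to oldEntry happens before the slot is
    // overwritten, because the overwrite may drop the last reference to it.
    bool Replace(FontEntry* oldEntry, std::shared_ptr<FontEntry> fresh) {
        int i = IndexOf(oldEntry);
        if (i < 0) return false;
        fresh->family = oldEntry->family;   // last use of oldEntry
        available[i] = std::move(fresh);    // *oldEntry may be destroyed here
        return true;                        // oldEntry is dangling from here on
    }
};

// True when Replace destroyed the old entry (the slot was its sole owner).
bool ReplaceDestroysOld() {
    FontSet set;
    set.available.push_back(std::make_shared<FontEntry>(FontEntry{"local-1", true}));
    std::weak_ptr<FontEntry> watch = set.available[0];   // observes lifetime only
    set.Replace(set.available[0].get(), std::make_shared<FontEntry>());
    return watch.expired() && set.available[0]->family == "local-1";
}

// Alternative mitigation: a caller-held strong reference keeps the old entry
// valid across the replacement, so a later write to it is safe.
bool StrongRefKeepsOldAlive() {
    FontSet set;
    set.available.push_back(std::make_shared<FontEntry>(FontEntry{"local-1", true}));
    std::shared_ptr<FontEntry> keep = set.available[0];
    set.Replace(keep.get(), std::make_shared<FontEntry>());
    keep->loaded = false;                   // safe: keep still owns the object
    return keep.use_count() == 1 && set.available[0].get() != keep.get();
}

int main() { std::printf("%d %d\n", ReplaceDestroysOld(), StrongRefKeepsOldAlive()); return 0; }
```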