crash via mozilla::gl::GLContext::UploadSurfaceToTexture on mac playing a video

RESOLVED FIXED in Firefox 7

Status

Core
Graphics
RESOLVED FIXED
6 years ago
6 years ago

People

(Reporter: gal, Unassigned)

Tracking

({regression})

unspecified
mozilla8
x86
Mac OS X
regression

Firefox Tracking Flags

(firefox5- unaffected, firefox6 unaffected, firefox7+ fixed, firefox8+ fixed, status1.9.2 unaffected)

Details

(Whiteboard: [sg:critical?][qa-], crash signature)

(Reporter)

Description

6 years ago
Playing the video at https://browserid.org/users reliably crashes my MacOSX nightly build. Crash address looks random, so this might be exploitable.

https://crash-stats.mozilla.com/report/index/bp-a32bd99f-d985-46f4-ba3f-7ce132110714
(Reporter)

Updated

6 years ago
Whiteboard: [sg:critical?]
Probably a dup of bug 670573.
Depends on: 670573
Crash Signature: [@ libGLImage.dylib@0x4caf ]

Updated

6 years ago
status-firefox5: --- → wontfix
status-firefox6: --- → affected
status-firefox7: --- → affected
status-firefox8: --- → affected
tracking-firefox5: --- → -
tracking-firefox6: --- → +
tracking-firefox7: --- → +
tracking-firefox8: --- → +
If this is a dupe of bug 670573 then Firefox 5 and 6 should not be affected.

qawanted: test this video on Firefox 5, 6, and 7
Keywords: qawanted
Tested this video using:

Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0.1) Gecko/20100101 Firefox/5.0.1

Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:6.0) Gecko/20100101 Firefox/6.0

Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0a2) Gecko/20110804 Firefox/7.0a2

and was not able to crash playing the video.
Keywords: qawanted

Comment 4

6 years ago
And this should be resolved everywhere because bug 670573 landed on mozilla-central and mozilla-aurora, and mozilla-beta was unaffected. If it still happens anywhere it isn't a strict dupe of bug 670573.

Clearing the tracking for Firefox 6.
status-firefox6: affected → ---
status-firefox7: affected → ---
status-firefox8: affected → ---
tracking-firefox6: + → ---
tracking-firefox7: + → ---
Group: core-security
status-firefox5: wontfix → unaffected
status-firefox6: --- → unaffected
status-firefox7: --- → fixed
status-firefox8: --- → fixed
Target Milestone: --- → mozilla8
Keywords: regression
Blocks: 656185
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
tracking-firefox7: --- → +
status1.9.2: --- → unaffected
qa- as QA was unable to reproduce this bug originally. Andreas, please verify this bug is fixed in Firefox 7 and 8.
Whiteboard: [sg:critical?] → [sg:critical?][qa-]