Closed Bug 682204 Opened 13 years ago Closed 13 years ago

Malformed Silf table in Graphite leads to crash [@graphite2::vm::Code::release_buffers]

Categories

(Core :: Graphics, defect)

x86_64
macOS
defect
Not set
critical

Tracking


RESOLVED FIXED
Tracking Status
firefox6 --- unaffected
firefox7 - unaffected
firefox8 - unaffected
firefox9 - unaffected
firefox10 + verified
firefox-esr10 --- unaffected

People

(Reporter: posidron, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: crash, testcase, Whiteboard: [sg:critical?][qa!])

Attachments

(2 files)

Attached file testcase
No description provided.
Attached file callstack
Blocks: 681976
Fixed in repo. Thanks for finding a class of bug we hadn't checked for in our fuzz testing. Running a long fuzz test in that area now to flush out any more.
This fix is included in the latest version of the graphite2 code in bug 631479 part 1 (attachment 556272 [details] [diff] [review]).
Depends on: 631479
Whiteboard: [sg:critical?]
Given comment 3, should we mark this bug "fixed" then? It's not actually in the Firefox product and now won't be.
Marking "fixed" as per comments 3 and 4 - the bug never actually landed in our tree, and is now fixed upstream and in our under-review patch.

Not sure why this is marked as "status-firefox9: affected", therefore?
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Whiteboard: [sg:critical?] → [sg:critical?][qa+]
No crash in 10.0b2 on Mac OS X.

As I understand it, there's no prior build in which to observe the crash, so marking verified in Fx 10 and closing out the QA verification flag.
Whiteboard: [sg:critical?][qa+] → [sg:critical?][qa!]
Group: core-security