This bug was filed from the Socorro interface and is report bp-27e7d6fc-c8d9-4ca1-be95-f1be92120330.
=============================================================
STR:
1. Load http://lcamtuf.coredump.cx/cross_fuzz/
2. Run the cross_fuzz_msie_randomized_seed.html test
3. Wait about 1-2 minutes

AR:
Easily reproducible crash in GetMozBattery(). I've tested two different MacBook Pros and two different user profiles. I was able to reproduce this crash many times on Nightly 2012-03-29 and 2012-03-14.

https://crash-stats.mozilla.com/report/index/09a6e576-3824-4f2b-a2d3-e23312120329
https://crash-stats.mozilla.com/report/index/27e7d6fc-c8d9-4ca1-be95-f1be92120330
https://crash-stats.mozilla.com/report/index/dca52249-a269-4cd8-ace4-750012120330
https://crash-stats.mozilla.com/report/index/a2231a87-6696-4cc2-89b4-a34232120330
https://crash-stats.mozilla.com/report/index/09043995-5bee-43e6-b39d-f5cee2120330
https://crash-stats.mozilla.com/report/index/052e8251-354b-4104-9952-49ea72120330
https://crash-stats.mozilla.com/report/index/0e6cf481-9fc0-4a16-b758-194602120329
https://crash-stats.mozilla.com/report/index/66ebf1c3-78b6-4f0b-9a4b-fbe9a2120329
https://crash-stats.mozilla.com/report/index/d38a5d26-b011-4c42-84c0-27b922120330
https://crash-stats.mozilla.com/report/index/5ae59ce6-93ee-4535-aaea-cece92120330
I can't reproduce that on my Linux laptop. Is that Mac only?
I only have Mac test machines. I reproduced it on Mac OS X 10.6 and 10.7.
Created attachment 611104 [details] [diff] [review]
Patch

Stupid mistake... sorry about that :(
Comment on attachment 611104 [details] [diff] [review]
Patch

r=me
I wonder why my fuzzer missed this bug. Is there a reduced testcase?
I haven't done one but maybe we can ask QA to do one?
Seems FF 13.0.2 is affected, please see Bug 767947.
This has been fixed in Firefox 14, see the target milestone.
Yes, I saw, but why not in 13.x?
We could indeed have pushed that to Firefox 13 but it's now too late.
(In reply to David Maciejak from comment #10)
> yes i saw, but why not in 13.x ?

This is not an exploitable crash and is not a major stability problem since it's a new, little-used feature. There is no practical user benefit to the disruption of an out-of-cycle release.
Verified on Ubuntu 12.04, Mac OS X 10.6 and Mac OS X 10.7 that Firefox 14 beta 10 does not crash when using the STR from the Description.

Mozilla/5.0 (X11; Linux i686; rv:14.0) Gecko/20100101 Firefox/14.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:14.0) Gecko/20100101 Firefox/14.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:14.0) Gecko/20100101 Firefox/14.0

Also, checked in Socorro and there are no crashes on Firefox 14.
Reduced testcase: https://bugzilla.mozilla.org/attachment.cgi?id=639210