Bug 740707 - cross_fuzz crash in mozilla::dom::Navigator::GetMozBattery
Status: RESOLVED FIXED
Keywords: crash, csectype-dos, reproducible
Product: Core
Classification: Components
Component: DOM: Core & HTML
Version: Trunk
Platform: All All
Importance: -- critical
Target Milestone: mozilla14
Assigned To: Mounir Lamouri (:mounir)
Andrew Overholt [:overholt]
URL: http://lcamtuf.coredump.cx/cross_fuzz...
Duplicates: 767174 767947 771037
Reported: 2012-03-29 23:33 PDT by Chris Peterson [:cpeterson]
Modified: 2012-07-07 01:02 PDT
CC: 9 users

Attachments
Patch (785 bytes, patch)
2012-03-30 18:47 PDT, Mounir Lamouri (:mounir)
justin.lebar+bug: review+
mounir: checkin+

Comment 1 Mounir Lamouri (:mounir) 2012-03-30 10:25:50 PDT
I can't reproduce that on my Linux laptop. Is that Mac only?
Comment 2 Chris Peterson [:cpeterson] 2012-03-30 10:28:16 PDT
I only have Mac test machines. I reproduced it on Mac OS X 10.6 and 10.7.
Comment 3 Mounir Lamouri (:mounir) 2012-03-30 18:47:20 PDT
Created attachment 611104 [details] [diff] [review]
Patch

Stupid mistake... sorry about that :(
Comment 4 Justin Lebar (not reading bugmail) 2012-03-30 18:54:23 PDT
Comment on attachment 611104 [details] [diff] [review]
Patch

r=me
Comment 5 Ed Morley [:emorley] 2012-03-31 19:20:33 PDT
https://hg.mozilla.org/mozilla-central/rev/839c971b9022
Comment 6 Jesse Ruderman 2012-04-19 18:49:18 PDT
I wonder why my fuzzer missed this bug. Is there a reduced testcase?
Comment 7 Mounir Lamouri (:mounir) 2012-04-20 01:12:36 PDT
I haven't done one but maybe we can ask QA to do one?
Comment 8 David Maciejak 2012-06-25 05:54:21 PDT
Seems FF 13.0.2 is affected, please see Bug 767947.
Comment 9 Mounir Lamouri (:mounir) 2012-06-25 06:27:12 PDT
This has been fixed in Firefox 14, see the target milestone.
Comment 10 David Maciejak 2012-06-25 06:38:42 PDT
Yes, I saw, but why not in 13.x?
Comment 11 Mounir Lamouri (:mounir) 2012-06-25 06:43:12 PDT
We could indeed have pushed that to Firefox 13 but it's now too late.
Comment 12 Andrew McCreight [:mccr8] 2012-06-27 07:06:27 PDT
*** Bug 767947 has been marked as a duplicate of this bug. ***
Comment 13 Andrew McCreight [:mccr8] 2012-06-27 11:00:04 PDT
*** Bug 767174 has been marked as a duplicate of this bug. ***
Comment 14 Daniel Veditz [:dveditz] 2012-06-27 11:05:21 PDT
(In reply to David Maciejak from comment #10)
> Yes, I saw, but why not in 13.x?

This is not an exploitable crash and is not a major stability problem since it's a new, little-used feature. There is no practical user benefit to the disruption of an out-of-cycle release.
Comment 15 Simona B [:simonab ] 2012-07-03 09:04:57 PDT
Verified on Ubuntu 12.04, Mac OS X 10.6 and Mac OS X 10.7 that Firefox 14 beta 10 does not crash when using the STR from the Description.

Mozilla/5.0 (X11; Linux i686; rv:14.0) Gecko/20100101 Firefox/14.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:14.0) Gecko/20100101 Firefox/14.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:14.0) Gecko/20100101 Firefox/14.0

Also, checked in Socorro and there are no crashes on Firefox 14.
Comment 16 Kyle Huey [:khuey] (Exited; not receiving bugmail, email if necessary) 2012-07-05 07:37:47 PDT
*** Bug 771037 has been marked as a duplicate of this bug. ***
Comment 17 sachin shinde 2012-07-07 01:02:40 PDT
Reduced testcase:

https://bugzilla.mozilla.org/attachment.cgi?id=639210