760975 - Heap-buffer-overflow in nsAutoCompleteController::ProcessResult

Status: RESOLVED WORKSFORME

(Toolkit :: Autocomplete, defect)

Description

[Arthur Gerkis]

Attachment: ASan log (12ab69851e05)

ASan reported heap-buffer-overflow, steps that may help to reproduce this bug:
  1. open blank tab
  2. start typing in any address
  3. with arrow down choose one of suggested url's
  4. press Ctrl+Back

Attached ASan log is for build http://hg.mozilla.org/mozilla-central/rev/12ab69851e05

Comment 1

[Arthur Gerkis]

This bug looks similar to https://bugzilla.mozilla.org/show_bug.cgi?id=756861, but I am not sure.

Comment 2

[Kyle Huey (Exited; not receiving bugmail, old account, do not use)]

This looks related to bug 756861 and bug 720589.  Mak?

Comment 3

[Al Billings [:abillings - ex-MoCo]]

Any luck getting a testcase for this?

Comment 4

[Arthur Gerkis]

I guess here the test-case is not possible due to the nature of trigger - it requires user interaction. I was not able to find any other way to reproduce that bug, except of the steps mentioned in the very first message. Also, looks like the bug is fixed - in mentioned build it was quite easy to reproduce, but in build cf4face65451 I am not able to reproduce this.

Comment 5

[Al Billings [:abillings - ex-MoCo]]

I tried those steps in a 6/1 build (http://hg.mozilla.org/try/rev/2f7a34cd51eb) that Christian made for Linux and cannot reproduce the problem.

Comment 6

[Al Billings [:abillings - ex-MoCo]]

Arthur, does this still reproduce?

Comment 7

[Arthur Gerkis]

(In reply to Al Billings [:abillings] from comment #6)
> Arthur, does this still reproduce?

No, it doesn't crash since Comment 4.