Closed Bug 812929 Opened 13 years ago Closed 13 years ago

imgRequestProxy crash with contenteditable, list-style-image

Categories

(Core :: Graphics: ImageLib, defect)

Product:
Core
Component:
Graphics: ImageLib
Platform:
x86_64
macOS
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 788959

People

(Reporter: jruderman, Assigned: jdm)

References

Details

(Keywords: crash, sec-critical, testcase, Whiteboard: [sg:dupe 788959])

Crash Data

Attachments

(2 files, 1 obsolete file)

testcase (fragile timing)
771 bytes, text/html
Details
stack
10.62 KB, text/plain
Details
Sometimes this appears as imgRequestProxy::BlockOnload calling a random address.
Attached file stack
Nightly: bp-3179ed13-0ee5-4ea3-bd12-a5d102121118
Keywords: sec-critical
With this patch I wasn't able to reproduce the intermittent crash in many minutes of frequent refreshing through multiple tabs.
Attachment #683771 - Flags: review?(bzbarsky)
Assignee: nobody → josh
Comment on attachment 683771 [details] [diff] [review] Clear the listener associated with cancelled bullet frame image requests. Wrong bug.
Attachment #683771 - Flags: review?(bzbarsky)
Attachment #683771 - Attachment is obsolete: true
I can't seem to reproduce this with the patch in bug 788959 applied.
Now you're just showing off :)
Whiteboard: [Fix on bug 788959]
Depends on: CVE-2013-0762
Can we mark this fixed now?
Sure
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
Whiteboard: [Fix on bug 788959] → [sg:dupe 788959]
Group: core-security
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: