firefox crash on firefox-default-homepage for long tooltips of long base64-Images in "pagepropertys" menu

Status: UNCONFIRMED
Assignee: Unassigned
Reporter: Thomas
Product: Core
Component: Graphics: Layers
Opened: 4 years ago
Updated: 4 years ago
Version: 24 Branch
Platform: x86_64, Windows 7
Keywords: csectype-dos
Firefox Tracking Flags: Not tracked
Attachments: 1 attachment

(Reporter)

Description

4 years ago
Created attachment 823412 [details]
firefox-bug.png

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0 (Beta/Release)
Build ID: 20130910160258

Steps to reproduce:

- start Firefox: about:home (default Firefox start page)
- menu: extras -> Seiteninformationen (page information) -> Media
- select a base64 image, mouse over the addresses to see "context-help"
- "fast" (about three times in 1Hz) move/switch between address-"context-help"

=> maybe this is a buffer-overrun?

(Firefox 24.0 - Windows 7 - 64bit)


Actual results:

firefox crash
(Reporter)

Updated

4 years ago
Summary: firefox crash on firefox-default-homepage on context-help for long adresses → firefox crash on firefox-default-homepage on context-help for long base64-Images in pagepropertys
Do you have a stack or a crash report for this crash?
(Reporter)

Comment 2

4 years ago
1.) Not sure how to create a crash report.
2.) I can reproduce this crash on different (win7 64bit) machines!

AdapterDeviceID: 0x1244
AdapterVendorID: 0x10de
Add-ons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4,%7Bc45c406e-ab73-11d8-be73-000a95be3b12%7D:1.2.5,%7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.12,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0,%7Bd10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d%7D:2.4
AvailablePageFile: 5774704640
AvailablePhysicalMemory: 1947271168
AvailableVirtualMemory: 3715747840
BuildID: 20130910160258
CrashTime: 1382996597
EMCheckCompatibility: true
Email: 
InstallTime: 1380819000
Notes: Cisco VPN
AdapterVendorID: 0x10de, AdapterDeviceID: 0x1244, AdapterSubsysID: 26121462, AdapterDriverVersion: 9.18.13.1106
D2D? D2D+ DWrite? DWrite+ D3D10 Layers? D3D10 Layers+ 
ProductID: {ec8030f7-c20a-464f-9b0e-13a3a9e97384}
ProductName: Firefox
ReleaseChannel: release
SecondsSinceLastCrash: 5589
StartupTime: 1382996514
SystemMemoryUsePercentage: 54
Theme: classic/1.0
Throttleable: 1
TotalVirtualMemory: 4294836224
URL: about:home
Vendor: Mozilla
Version: 24.0
(Reporter)

Updated

4 years ago
Summary: firefox crash on firefox-default-homepage on context-help for long base64-Images in pagepropertys → firefox crash on firefox-default-homepage for long tooltips of long base64-Images in "pagepropertys" menu
If the crash triggers the crash reporter, then after you restart you can go to about:crashes and you'll see the crash reports that you've sent recently.  If you click on one, it will give you the URL for the crash report.
(Reporter)

Comment 4

4 years ago
https://crash-stats.mozilla.com/report/index/0b6506bb-6f78-4065-9196-3d7d12131029
Thanks!

Here are the top two stack frames:
CDXGISwapChain::ResizeBuffers(unsigned int,unsigned int,unsigned int,DXGI_FORMAT,unsigned int)
mozilla::layers::LayerManagerD3D10::VerifyBufferSize()
Component: Untriaged → Graphics: Layers
Product: Firefox → Core
(Reporter)

Comment 6

4 years ago
(crash report of Firefox 25.0 for this report)
https://crash-stats.mozilla.com/report/index/273c23e1-d97e-41a8-abc0-981892131030
Crash stacks show a null deref, so a stability issue rather than a security worry
Group: core-security
Keywords: csec-dos