Closed Bug 967184 Opened 6 years ago Closed 6 years ago

Faulty: MOZ_CRASH under mozilla::dom::PContentParent::Read as we receive a too-large nsTArray<jsipc::CpowEntry*> length

Categories

(Core :: IPC, defect)

x86_64
Linux
defect
Not set

RESOLVED DUPLICATE of bug 967167

People

(Reporter: bjacob, Unassigned)

References

(Blocks 1 open bug)

Attachments

(1 file)

Attached file Faulty session
Found by Christoph Diehl's "Faulty" fuzzer, see bug 777067

Closely related variant: bug 967167

Reproduces on desktop Linux debug build with tabs.remote pref, with the Faulty IPC fuzzer, using this environment:

FAULTY_SEED=4 FAULTY_PICKLE=1 FAULTY_PARENT=1 FAULTY_ENABLE_LOGGING=1 FAULTY_PROBABILITY=10
Yeah, we should be using fallible arrays on the parent side.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: ipc-big-arrays
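
The fix direction named in the comment above (fallible arrays on the parent side), as an added sketch that is not Mozilla's code or part of the original bug. `Reader`, `ReadArrayFallible` and the sample payloads are hypothetical, and `std::vector` stands in for `nsTArray`; the point is that a peer-supplied length is checked against the bytes actually present and an allocation failure is returned to the caller rather than crashing the parent.

```cpp
#include <cstddef>
#include <cstdint>
#include <exception>
#include <vector>

// Hypothetical stand-in for an IPC message payload (not Mozilla's Pickle API).
struct Reader {
    const uint8_t* data;
    size_t size;
    size_t pos;
    bool ReadU32(uint32_t* out) {  // little-endian, bounds-checked
        if (size - pos < 4) return false;
        const uint8_t* p = data + pos;
        *out = p[0] | p[1] << 8 | p[2] << 16 | uint32_t(p[3]) << 24;
        pos += 4;
        return true;
    }
};

// Reads a length-prefixed array from an untrusted peer. Returns false so the
// caller can reject the message instead of aborting the receiving process.
bool ReadArrayFallible(Reader& r, std::vector<uint32_t>* out) {
    uint32_t length;
    if (!r.ReadU32(&length)) return false;
    // A well-formed message cannot claim more 4-byte elements than remain.
    if (length > (r.size - r.pos) / 4) return false;
    try {
        out->reserve(length);  // allocation failure is reported, not fatal
    } catch (const std::exception&) {  // std::bad_alloc or std::length_error
        return false;
    }
    for (uint32_t i = 0; i < length; ++i) {
        uint32_t v;
        if (!r.ReadU32(&v)) return false;
        out->push_back(v);
    }
    return true;
}

// Constructed payloads: a valid 2-element array, and one whose length field
// was corrupted to 0xFFFFFFFF, as a message-mutating fuzzer might produce.
static const uint8_t kGood[] = {2, 0, 0, 0, 7, 0, 0, 0, 9, 0, 0, 0};
static const uint8_t kHuge[] = {0xFF, 0xFF, 0xFF, 0xFF, 7, 0, 0, 0};

int main() {
    Reader good{kGood, sizeof kGood, 0}, huge{kHuge, sizeof kHuge, 0};
    std::vector<uint32_t> a, b;
    return ReadArrayFallible(good, &a) && !ReadArrayFallible(huge, &b) ? 0 : 1;
}
```
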