Closed Bug 967184 Opened 6 years ago Closed 6 years ago
CRASH under mozilla::dom::PContentParent::Read as we receive a too-large nsTArray<jsipc::CpowEntry*> length
Found by Christoph Diehl's "Faulty" fuzzer, see bug 777067. Closely related variant: bug 967167.
Reproduces on desktop linux debug build with tabs.remote pref, with the Faulty IPC fuzzer, using this environment:
FAULTY_SEED=4 FAULTY_PICKLE=1 FAULTY_PARENT=1 FAULTY_ENABLE_LOGGING=1 FAULTY_PROBABILITY=10
Yeah, we should be using fallible arrays on the parent side.
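An added example (not Mozilla's code) of the parent-side fallible read suggested above: the array length declared by the untrusted child is checked against the bytes actually present in the message before any allocation, and the allocation itself is fallible, so a bogus length fails the read instead of crashing the parent. Entry, ReadEntries and BuildMessage are hypothetical stand-ins for the CpowEntry array and PContentParent::Read.

```cpp
#include <cstdint>
#include <cstring>
#include <new>
#include <vector>

// Hypothetical stand-in for the jsipc::CpowEntry payload (8 bytes, no padding).
struct Entry { uint32_t id; uint32_t value; };

// Parent-side read of a length-prefixed Entry array. The child process is
// untrusted, so the count it declares is validated against the bytes that are
// actually present before anything is allocated; a bad message fails the read
// rather than aborting the parent.
bool ReadEntries(const uint8_t* buf, size_t size, std::vector<Entry>& out) {
  out.clear();
  uint32_t len;
  if (size < sizeof len) return false;            // no room for the count
  std::memcpy(&len, buf, sizeof len);
  const size_t remaining = size - sizeof len;
  // Oversized-length case from the bug: a count the payload cannot back.
  // Dividing (not multiplying) avoids size_t overflow on 32-bit builds.
  if (len > remaining / sizeof(Entry)) return false;
  // Fallible allocation: an allocation failure is reported, not fatal.
  try {
    out.reserve(len);
  } catch (const std::bad_alloc&) {
    return false;
  }
  const uint8_t* p = buf + sizeof len;
  for (uint32_t i = 0; i < len; ++i, p += sizeof(Entry)) {
    Entry e;
    std::memcpy(&e, p, sizeof e);                 // memcpy: no alignment assumptions
    out.push_back(e);
  }
  return true;
}

// Constructed test message: a 4-byte count (host byte order) followed by the
// entries. declaredLen may disagree with entries.size() to model a hostile child.
std::vector<uint8_t> BuildMessage(uint32_t declaredLen,
                                  const std::vector<Entry>& entries) {
  std::vector<uint8_t> msg(sizeof declaredLen);
  std::memcpy(msg.data(), &declaredLen, sizeof declaredLen);
  for (const Entry& e : entries) {
    const uint8_t* raw = reinterpret_cast<const uint8_t*>(&e);
    msg.insert(msg.end(), raw, raw + sizeof e);
  }
  return msg;
}
```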
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: ipc-big-arrays