Closed
Bug 967648
Opened 12 years ago
Closed 11 years ago
Faulty crash in ContainerRender() as the _vptr$LayerComposite for layerToRender is null
Categories
(Core :: Graphics, defect)
Tracking
()
RESOLVED
FIXED
mozilla30
People
(Reporter: bjacob, Assigned: bjacob)
References
(Blocks 1 open bug)
Details
Attachments
(1 file)
|
11.33 KB,
text/plain
|
Details |
Found by Christoph Diehl's "Faulty" fuzzer, see bug 777067
|
Assignee | |
Updated•12 years ago
|
Summary: Faulty crash in ContainerRender() as layerToRender->GetLayer() returns near-null → Faulty crash in ContainerRender() as the _vptr$LayerComposite for layerToRender is null
|
|
Assignee | |
Comment 1•12 years ago
|
||
No idea how we're getting a null vptr here. Possibilities include:
- use after free
- scribbling
- reinterpreting a layer type into another
I'll try reproducing this with ASAN, this will possibly distinguish between some of these situations.
|
|
Assignee | |
Comment 2•12 years ago
|
||
Classification: non-protocol, memory corruption in layers code, hard
|
|
Assignee | |
Updated•12 years ago
|
Depends on: PReinterpretCast
|
|
Assignee | |
Comment 3•11 years ago
|
||
Fixed by the landing of PLayerTransaction type checks before casting layers, bug 968833.
Assignee: nobody → bjacob
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
|
||
Updated•11 years ago
|
Target Milestone: --- → mozilla30
You need to log in
before you can comment on or make changes to this bug.
Description
•