Closed
Bug 968244
Opened 10 years ago
Closed 10 years ago
Faulty abort: "bad Shmem" in PLayerTransactionParent::DeallocShmem under PLayerParent::DestroySubtree
Categories
(Core :: Graphics, defect)
Tracking
()
RESOLVED
FIXED
mozilla30
People
(Reporter: bjacob, Assigned: bjacob)
References
(Blocks 1 open bug)
Details
Attachments
(2 files, 1 obsolete file)
|
21.76 KB,
text/plain
|
Details | |
|
3.42 KB,
patch
|
bent.mozilla
:
review+
|
Details | Diff | Splinter Review |
Found by Christoph Diehl's "Faulty" fuzzer, see bug 777067
|
Assignee | |
Comment 1•10 years ago
|
||
Classification: PLayer, bad assertion, easy
|
|
Assignee | |
Comment 2•10 years ago
|
||
This is similar to bug 968823, but this time in IPDL-generated code.
Attachment #8374554 -
Flags: review?(bent.mozilla)
Hm, can we do this just for the parent process? I'd prefer to keep crashing the child.
|
||
Updated•10 years ago
|
Attachment #8374554 -
Flags: review?(bent.mozilla) → review+
Comment on attachment 8374554 [details] [diff] [review] Make IPDL-generated code not crash release builds on bad Shmems Oops, hit the wrong button. Canceling review until I get an answer to my question above.
Attachment #8374554 -
Flags: review+
|
|
Assignee | |
Comment 5•10 years ago
|
||
Attachment #8381087 -
Flags: review?(bent.mozilla)
|
|
Assignee | |
Updated•10 years ago
|
Attachment #8374554 -
Attachment is obsolete: true
|
|
Assignee | |
Comment 6•10 years ago
|
||
https://tbpl.mozilla.org/?tree=Try&rev=3d38c02c9091
Comment on attachment 8381087 [details] [diff] [review] Make IPDL-generated code not crash release builds on bad Shmems Review of attachment 8381087 [details] [diff] [review]: ----------------------------------------------------------------- The adopt looks good, shouldn't we do the same for dealloc too?
Attachment #8381087 -
Flags: review?(bent.mozilla) → review+
|
|
Assignee | |
Comment 8•10 years ago
|
||
Regarding the adopt, I don't even know what it does, and this patch doesn't change it, so I'll leave it to you and other specialists :)
|
|
Assignee | |
Comment 9•10 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/ceac6a4674d2
Assignee: nobody → bjacob
|
||
Comment 10•10 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/ceac6a4674d2
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla30
You need to log in
before you can comment on or make changes to this bug.
Description
•