Closed
Bug 1191489
Opened 9 years ago
Closed 6 years ago
AddressSanitizer: attempting free on address which was not malloc()-ed with Flash 11.2.202.491
Categories: External Software Affecting Firefox Graveyard :: Flash (Adobe), defect
Platform: x86_64 Linux
Tracking: (Not tracked)
Status: RESOLVED WORKSFORME
People: (Reporter: bc, Unassigned)
Details: (Keywords: sec-vector, Whiteboard: [asan])
Attachments: (3 files)
1. http://entitlement.auth.adobe.com/entitlement/AccessEnabler.swf with ASAN enabled Beta/40, Aurora/41, Nightly/42 on Linux x86_64 Flash 11.2.202.491
2. ==12653==ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed: 0x0000020fb030 in thread T0
Get build from http://ftp.mozilla.org/pub/mozilla.org/firefox/tinderbox-builds/mozilla-central-linux64-asan/latest/
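The report above is an AddressSanitizer "attempting free on address which was not malloc()-ed" finding, a class of bug where a program passes free() a pointer that the allocator never handed out. The following is an added illustration, not code from the bug, Firefox or Flash Player: a small allocation registry (hypothetical helpers tracked_malloc, tracked_free, tracked_reset and the scenario_* functions) that mimics the bookkeeping behind that check. It records every block it hands out and refuses to release anything that is not a live block start, distinguishing a stack address, an interior pointer and a second free of the same block, which is the set of cases a sanitizer has to tell apart.

```c
/* Added example (not from the bug report, Firefox or Flash Player code):
 * a minimal allocation registry that reproduces the decision behind ASan's
 * "attempting free on address which was not malloc()-ed" report. Every
 * pointer returned by tracked_malloc() is recorded; tracked_free() only
 * releases a pointer that is the start of a live recorded block and
 * otherwise returns a code naming the kind of misuse instead of handing
 * the bad pointer to free(). All helper names here are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_TRACKED 64

/* Result codes returned by tracked_free(). */
enum free_result {
    FREE_OK = 0,        /* pointer was the start of a live tracked block */
    FREE_NOT_MALLOCED,  /* never returned by tracked_malloc() (e.g. stack) */
    FREE_INTERIOR,      /* points inside a live block, not at its start */
    FREE_DOUBLE         /* block start that has already been freed */
};

struct block {
    uintptr_t start;
    size_t size;
    int live;
};

static struct block registry[MAX_TRACKED];
static int registry_len = 0;

/* Allocate and record the block so later frees can be validated. */
void *tracked_malloc(size_t size)
{
    if (registry_len >= MAX_TRACKED) return NULL;
    void *p = malloc(size);
    if (p == NULL) return NULL;
    registry[registry_len].start = (uintptr_t)p;
    registry[registry_len].size = size;
    registry[registry_len].live = 1;
    registry_len++;
    return p;
}

/* Validate the pointer against the registry before calling free(). */
enum free_result tracked_free(void *p)
{
    uintptr_t addr = (uintptr_t)p;
    int seen_dead_start = 0;
    for (int i = 0; i < registry_len; i++) {
        struct block *b = &registry[i];
        if (addr == b->start) {
            if (b->live) {
                b->live = 0;
                free(p);
                return FREE_OK;
            }
            seen_dead_start = 1;   /* keep looking: address may be reused */
        } else if (b->live && addr > b->start && addr < b->start + b->size) {
            return FREE_INTERIOR;
        }
    }
    return seen_dead_start ? FREE_DOUBLE : FREE_NOT_MALLOCED;
}

/* Forget all records, releasing any block still live so nothing leaks. */
void tracked_reset(void)
{
    for (int i = 0; i < registry_len; i++)
        if (registry[i].live) free((void *)registry[i].start);
    registry_len = 0;
}

/* Scenario helpers: each starts clean and returns the check's verdict. */
enum free_result scenario_valid_free(void)
{
    tracked_reset();
    char *buf = tracked_malloc(32);
    return tracked_free(buf);
}

enum free_result scenario_stack_free(void)
{
    tracked_reset();
    char local[16];                /* stack memory, never malloc()-ed */
    return tracked_free(local);
}

enum free_result scenario_interior_free(void)
{
    tracked_reset();
    char *buf = tracked_malloc(32);
    enum free_result r = tracked_free(buf + 8);  /* middle of the block */
    tracked_free(buf);             /* release the real block */
    return r;
}

enum free_result scenario_double_free(void)
{
    tracked_reset();
    char *buf = tracked_malloc(32);
    tracked_free(buf);
    return tracked_free(buf);      /* second free of the same start */
}

int main(void)
{
    printf("valid=%d stack=%d interior=%d double=%d\n",
           scenario_valid_free(), scenario_stack_free(),
           scenario_interior_free(), scenario_double_free());
    return 0;
}
```

A real sanitizer keeps this metadata in shadow memory and quarantines freed blocks rather than scanning a list, but the three outcomes it reports (not malloc()-ed, interior pointer, double free) are exactly the distinctions the scenarios above exercise.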
Comment 1 (Reporter) • 9 years ago
Updated (Reporter) • 9 years ago
Attachment #8643904 - Attachment mime type: text/x-log → text/plain
Comment 2 • 9 years ago
Aaron, should we report this to Adobe or something? Can you do that? Thanks.
Flags: needinfo?(aklotz)
Keywords: sec-vector
Comment 3 (Reporter) • 9 years ago
A number of crashes which were reproducible prior to the Flash update this week were fixed. Let me retest this using a new asan build with the latest flash update.
Comment 4 • 9 years ago
Setting ni? on bc until we know whether this has already been fixed.
Flags: needinfo?(aklotz) → needinfo?(bob)
Comment 5 (Reporter) • 9 years ago
This is still reproducible with today's opt asan build on Linux x86_64 with Flash 11.2.202.508 by loading http://entitlement.auth.adobe.com/entitlement/AccessEnabler.swf
This brings up the additional point on how to handle Flash crashes in Bughunter automation in general. I normally see several medium/high exploitability rated crashes with the occasional EXCEPTION_ACCESS_VIOLATION_EXEC reason. How do we want to handle these in the future?
Flags: needinfo?(bob)
Comment 6 • 9 years ago
Jeromie, can you have somebody look into this, please?
Flags: needinfo?(jeclark)
Updated • 9 years ago
Group: core-security → core-security-release
Comment 8 • 9 years ago
We were not able to get this to reproduce on our end, but we added a blind fix in Flash Player 11.2.r202.518 or higher that we believe should resolve it. It would be great if you guys could confirm.
Comment 9 • 9 years ago
* Sorry, I copied this from the bug comment, but I just noticed that the version indicated is a typo, and is supposed to be 11.2.202.218
Comment 10 (Reporter) • 9 years ago
I can reproduce with the original swf and the current one on Fedora 22 with today's opt asan 64 bit build with Flash 11.2.202.508-release.
Comment 11 • 9 years ago
I'll send you a drop of 11.2.202.530
Comment 12 (Reporter) • 9 years ago
Sorry for the delay but I have been experiencing issues with display on Fedora.
With Flash 11.2.202.530 x86_64 with xorg-x11-drv-nouveau.x86_64 1:1.0.11-2.fc22 I can reproduce:
ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed
When I boot with ACPI=off and access the machine via VNC I can not reproduce this.
Comment 13 (Reporter) • 9 years ago
The previous comment was on Fedora 22 with Kernel 4.1.6. I also tried this on an ESXi VM RHEL6 2.6.32-573.3.1 and could not reproduce.
Tomcat: do you have a Linux system (not a vm and not over vnc) that you could test this with?
jeclark: do you mind if I pass the 11.2.202.530 to Tomcat?
Flags: needinfo?(jeclark)
Flags: needinfo?(cbook)
Comment 14 • 9 years ago
(In reply to Bob Clary [:bc:] from comment #13)
> The previous comment was on Fedora 22 with Kernel 4.1.6. I also tried this
> on an ESXi VM RHEL6 2.6.32-573.3.1 and could not reproduce.
>
> Tomcat: do you have a Linux system (not a vm and not over vnc) that you
> could test this with?
>
> jeclark: do you mind if I pass the 11.2.202.530 to Tomcat?
Hey Bob, I don't have a physical machine with Linux anymore; all are Macs etc. with VMs for Linux, so I guess I can't help here. Sorry!
Flags: needinfo?(cbook)
Comment 15 • 9 years ago
@bclary: You're welcome to share those internally.
Flags: needinfo?(jeclark)
Comment 16 • 9 years ago
Version and milestone values are being reset to defaults as part of product refactoring.
Version: 11.x → unspecified
Comment 17 • 6 years ago
rahib@adobe.com has requested to be cc'ed on this bug.
Flags: needinfo?(jeclark)
Flags: needinfo?(dveditz)
Updated • 6 years ago
Flags: needinfo?(dveditz)
Comment 18 • 6 years ago
Qusta Rahib works for me. He's welcome to have visibility on this bug.
In terms of the status of the bug itself:
We stopped shipping the Flash Player 11.2 branch a couple of years ago. We had been maintaining a branch of Flash Player 11.2 with security patches for a few years as a result of a decision to freeze NPAPI on Linux and carry PPAPI forward as the supported path. This was primarily a product of the introduction of hardware graphics acceleration in Flash and the fact that PPAPI offered much better abstraction to the graphics implementations across Linux distributions.
We ultimately began shipping an NPAPI Flash Player again from current branches (with some features disabled) as the accumulated bit-rot and build system dependencies on old infrastructure made it incredibly difficult to maintain.
So... this bug is probably moot, as this branch no longer ships and hasn't in a long time. If you're seeing exploitable crashes in current Flash Player versions, those are definitely things that we want to know about and fix. Please feel free to copy me on new bugs, and it would be great if you could forward them to the Adobe Product Security Incident Response Team (PSIRT) at psirt@adobe.com. That account is staffed 24/7/365 and they're positioned to rally resources and follow up so that there's no single human point of failure.
Thanks!
Flags: needinfo?(jeclark)
Comment 19 • 6 years ago
Is this issue still occurring in the latest Firefox & Flash? If so, please provide steps to reproduce.
I've installed Fedora 28 and downloaded the latest Firefox Nightly ASan build from here: https://archive.mozilla.org/pub/firefox/nightly/latest-mozilla-central/firefox-64.0a1.en-US.linux-x86_64-asan-reporter.tar.bz2
I tested AccessEnabler.swf with the current release 31.0.0.122 and the latest build 32.0.0.58 and had no luck reproducing the issue.
Flags: needinfo?(bob)
Comment 20 (Reporter) • 6 years ago
I would go ahead and mark it works for me if you can't reproduce with a fresh Firefox build and Flash build. I no longer allow Flash on my machines.
Flags: needinfo?(bob)
Comment 21 • 6 years ago
(In reply to Bob Clary [:bc:] from comment #20)
> I would go ahead and mark it works for me if you can't reproduce with a
> fresh Firefox build and Flash build. I no longer allow Flash on my machines.
I don't see where to mark it "works"; is there an option for that?
Thanks
Flags: needinfo?(bob)
Comment 22 (Reporter) • 6 years ago
The Bugzilla UI changes are a little tricky. Select FIXED then you can change it to WORKSFORME. Done.
Status: NEW → RESOLVED
Closed: 6 years ago
Flags: needinfo?(bob)
Resolution: --- → WORKSFORME
Updated • 5 years ago
Group: core-security-release
Updated • 2 years ago
Product: External Software Affecting Firefox → External Software Affecting Firefox Graveyard