Closed Bug 1235556 Opened 9 years ago Closed 9 years ago

Integer Overflow In Firefox

Categories

(Core :: Graphics: ImageLib, defect)

Product:
Core
Component:
Graphics: ImageLib
Version:
43 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1235605

People

(Reporter: joseph.c.stephen, Unassigned)

Details

(Keywords: crash, testcase)

Attachments

(1 file)

Testcase
(deleted), text/html
Details
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36 Steps to reproduce: Copied and pasted this link, with the code set to automatically run, which crashes Firefox. [http://jsbin.com/gomozajige/1/edit?html,output] Actual results: Crashed my Firefox browser. Mozilla crash report link: https://crash-stats.mozilla.com/report/index/f2b3ae38-5732-4eb7-b2fd-301c42151229 Another one in FF45: https://crash-stats.mozilla.com/report/index/be559e88-f581-422c-92b7-442dd2151229 Expected results: My browser should not have crashed upon running that code [Or pasting that link, which will run that code].
Attached file Testcase (deleted) —
Seth or Nicholas, can either of you take a look? Not sure this needs to be sec-sensitive - it's dos but the crash stacks look safe (nullptr exception) to me (though I could be wrong...).
Group: firefox-core-security → core-security
Status: UNCONFIRMED → NEW
Component: Untriaged → ImageLib
Ever confirmed: true
Flags: needinfo?(seth)
Flags: needinfo?(n.nethercote)
Keywords: crash, testcase
Product: Firefox → Core
Probably another dupe of bug 1235605.
Status: NEW → RESOLVED
Closed: 9 years ago
Flags: needinfo?(seth)
Flags: needinfo?(n.nethercote)
Resolution: --- → DUPLICATE
Group: core-security
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: