Bug 1612568 - MOZ_CRASH: Attempt to deserialize absent WindowContext
Closed (opened 5 years ago, closed 5 years ago)
Categories: Core :: DOM: Content Processes (defect, P2)
Status: RESOLVED FIXED, target milestone mozilla75

Tracking | Status
---|---
firefox-esr68 | unaffected
firefox73 | unaffected
firefox74 | wontfix
firefox75 | fixed
People
(Reporter: tsmith, Assigned: farre)
References: Regression
Details: 5 keywords
Attachments (1 file): (deleted), text/x-phabricator-request
This check should be disabled while fuzzing.
==1==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f04e9706a12 bp 0x7ffd47efe5f0 sp 0x7ffd47efe4c0 T0)
==1==The signal is caused by a WRITE memory access.
==1==Hint: address points to the zero page.
#0 0x7f04e9706a11 in mozilla::ipc::IPDLParamTraits<mozilla::dom::WindowContext*>::Read(IPC::Message const*, PickleIterator*, mozilla::ipc::IProtocol*, RefPtr<mozilla::dom::WindowContext>*) mozilla-central/docshell/base/WindowContext.cpp:217:28
#1 0x7f04e1c26005 in mozilla::dom::PContentParent::OnMessageReceived(IPC::Message const&) /work/obj-fuzz/ipc/ipdl/PContentParent.cpp:12269:20
#2 0x7f04e035f8f2 in void mozilla::ipc::FuzzProtocol<mozilla::dom::ContentParent>(mozilla::dom::ContentParent*, unsigned char const*, unsigned long, nsTArray<nsTString<char> > const&) /work/obj-fuzz/dist/include/ProtocolFuzzer.h:96:18
#3 0x7f04e035f228 in RunContentParentIPCFuzzing(unsigned char const*, unsigned long) mozilla-central/dom/ipc/fuzztest/content_parent_ipc_libfuzz.cpp:27:3
#4 0x56073dda969f in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_firefox_6180546f5e5f1d75138bf6cea3784693af7a2aa9/revisions/firefox/firefox+0x30c69f)
#5 0x56073dd9535e in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_firefox_6180546f5e5f1d75138bf6cea3784693af7a2aa9/revisions/firefox/firefox+0x2f835e)
#6 0x56073dd976c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_firefox_6180546f5e5f1d75138bf6cea3784693af7a2aa9/revisions/firefox/firefox+0x2fa6c9)
#7 0x7f04ea063873 in mozilla::FuzzerRunner::Run(int*, char***) mozilla-central/tools/fuzzing/interface/harness/FuzzerRunner.cpp:54:10
#8 0x7f04e9faa435 in XREMain::XRE_mainStartup(bool*) mozilla-central/toolkit/xre/nsAppRunner.cpp:3696:35
#9 0x7f04e9fb23cb in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) mozilla-central/toolkit/xre/nsAppRunner.cpp:4682:12
#10 0x7f04e9fb29c3 in XRE_main(int, char**, mozilla::BootstrapConfig const&) mozilla-central/toolkit/xre/nsAppRunner.cpp:4746:21
#11 0x56073dc69c34 in do_main(int, char**, char**) (/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_firefox_6180546f5e5f1d75138bf6cea3784693af7a2aa9/revisions/firefox/firefox+0x1ccc34)
#12 0x56073dc6948b in main (/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_firefox_6180546f5e5f1d75138bf6cea3784693af7a2aa9/revisions/firefox/firefox+0x1cc48b)
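A reading note on the report above: the AddressSanitizer output is not a memory-safety finding. On non-Windows builds MOZ_CRASH deliberately writes through a null pointer before aborting, which is exactly the "WRITE memory access" to the "zero page" that the sanitizer prints at WindowContext.cpp:217. The defect is that a parent-process deserializer treats an unknown WindowContext id arriving from a child (here, a fuzzed one; in production, a possibly compromised one) as a fatal bug rather than as a message it can reject. The C++ below is an illustration added by the editor, not code from mozilla-central or from the landed patch: `ContextRegistry`, `ByteCursor`, `ReadWindowContext`, `DispatchPolicy` and `RunMessage` are hypothetical stand-ins for the real context table, PickleIterator and IPDLParamTraits<WindowContext*>::Read, the 8-byte little-endian id encoding is an assumption, and the fuzz message bodies are constructed. It shows the deserializer reporting "absent" as a result the dispatcher can act on, with a policy that only hard-crashes outside fuzzing builds, which is what the reporter asked for.

```cpp
#include <cstdint>
#include <iostream>
#include <map>
#include <memory>
#include <vector>

// Stand-in for the real WindowContext; only the id is needed here.
struct WindowContext {
  uint64_t id;
};

// Hypothetical parent-side table of live contexts. The real lookup lives in
// docshell/base/WindowContext.cpp; this map is an assumption, not that code.
struct ContextRegistry {
  std::map<uint64_t, std::shared_ptr<WindowContext>> live;

  void Register(uint64_t id) {
    live[id] = std::make_shared<WindowContext>(WindowContext{id});
  }

  std::shared_ptr<WindowContext> GetById(uint64_t id) const {
    auto it = live.find(id);
    return it == live.end() ? nullptr : it->second;
  }
};

// Minimal cursor over an untrusted message body (stand-in for PickleIterator).
struct ByteCursor {
  const std::vector<uint8_t>& buf;
  size_t pos = 0;
  explicit ByteCursor(const std::vector<uint8_t>& b) : buf(b) {}

  // Little-endian u64 (an assumed wire format); fails instead of over-reading.
  bool ReadU64(uint64_t* out) {
    if (buf.size() - pos < sizeof(uint64_t)) return false;
    uint64_t v = 0;
    for (int i = 7; i >= 0; --i) v = (v << 8) | buf[pos + i];
    pos += sizeof(uint64_t);
    *out = v;
    return true;
  }
};

// Encode an id the way ByteCursor::ReadU64 expects to read it.
std::vector<uint8_t> EncodeId(uint64_t id) {
  std::vector<uint8_t> out(sizeof(uint64_t));
  for (size_t i = 0; i < out.size(); ++i) out[i] = static_cast<uint8_t>(id >> (8 * i));
  return out;
}

enum class ReadStatus { Ok, Truncated, Absent };

struct ReadResult {
  ReadStatus status;
  std::shared_ptr<WindowContext> ctx;  // non-null only when status == Ok
};

// Deserialize a WindowContext reference: read the id, then resolve it.
// Every failure is returned to the caller; nothing in here aborts the process.
ReadResult ReadWindowContext(ByteCursor& cur, const ContextRegistry& reg) {
  uint64_t id = 0;
  if (!cur.ReadU64(&id)) return {ReadStatus::Truncated, nullptr};
  std::shared_ptr<WindowContext> ctx = reg.GetById(id);
  if (!ctx) return {ReadStatus::Absent, nullptr};
  return {ReadStatus::Ok, ctx};
}

// HardCrash models MOZ_CRASH in the parent: one malformed child message takes
// down the whole browser, and under libFuzzer it ends the run as the null-write
// SEGV shown in the report. Rejecting the message lets the harness keep going.
enum class Action { Deliver, RejectMessage, HardCrash };

Action DispatchPolicy(const ReadResult& r, bool fuzzing) {
  switch (r.status) {
    case ReadStatus::Ok:        return Action::Deliver;
    case ReadStatus::Truncated: return Action::RejectMessage;
    case ReadStatus::Absent:    return fuzzing ? Action::RejectMessage : Action::HardCrash;
  }
  return Action::RejectMessage;
}

// Run one message body through read + policy.
Action RunMessage(const std::vector<uint8_t>& body, const ContextRegistry& reg, bool fuzzing) {
  ByteCursor cur(body);
  return DispatchPolicy(ReadWindowContext(cur, reg), fuzzing);
}

const char* Describe(Action a) {
  switch (a) {
    case Action::Deliver:       return "deliver";
    case Action::RejectMessage: return "reject message";
    case Action::HardCrash:     return "MOZ_CRASH (parent aborts)";
  }
  return "?";
}

int main() {
  ContextRegistry reg;
  reg.Register(7);  // the only context the parent knows about
  const std::vector<uint8_t> known = EncodeId(7);
  const std::vector<uint8_t> bogus = EncodeId(0x4141414141414141ULL);  // constructed fuzz input
  const std::vector<uint8_t> shortMsg = {0x07, 0x00, 0x00};            // constructed: truncated id
  std::cout << "known id, release:  " << Describe(RunMessage(known, reg, false)) << "\n"
            << "bogus id, release:  " << Describe(RunMessage(bogus, reg, false)) << "\n"
            << "bogus id, fuzzing:  " << Describe(RunMessage(bogus, reg, true)) << "\n"
            << "truncated, release: " << Describe(RunMessage(shortMsg, reg, false)) << "\n";
  return 0;
}
```

The point of separating `ReadWindowContext` from `DispatchPolicy` is that the deserializer never decides the fate of the process; it only classifies the input, so the same code path can be fatal in one build configuration and a plain protocol error in another without touching the parsing logic.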
Updated•5 years ago (Reporter)
Flags: needinfo?(afarre)

Comment 1•5 years ago (Assignee)

Updated•5 years ago
Assignee: nobody → afarre
Status: NEW → ASSIGNED

Updated•5 years ago (Assignee)
Flags: needinfo?(afarre)
Comment 2•5 years ago
The priority flag is not set for this bug.
:neha, could you have a look please?
For more information, please visit auto_nag documentation.
Flags: needinfo?(nkochar)
Updated•5 years ago
Pushed by afarre@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/43e80a088f4b
Avoid hard-crashing on malformed data while fuzzing. r=nika
Comment 4•5 years ago (bugherder)
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
status-firefox75: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla75
Updated•5 years ago
status-firefox73: --- → unaffected
status-firefox74: --- → wontfix
status-firefox-esr68: --- → unaffected
Regressed by: WindowContext

Updated•5 years ago
Has Regression Range: --- → yes
Updated•5 years ago
Keywords: regression