Closed
Bug 1612573
Opened 5 years ago
Closed 5 years ago
crash near null in [@ mozilla::dom::ExternalHelperAppParent::Init]
Categories: Core :: DOM: Navigation, defect, P1
Status: RESOLVED DUPLICATE of bug 1611588
People: Reporter: tsmith, Unassigned
References: Regression
Details: 4 keywords
This appears to be due to a missing null check on BrowsingContext* aContext.
==1==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000190 (pc 0x7fc704afd5cb bp 0x7ffefb601810 sp 0x7ffefb601810 T0)
==1==The signal is caused by a READ memory access.
==1==Hint: address points to the zero page.
SCARINESS: 10 (null-deref)
#0 0x7fc704afd5ca in RefPtr<mozilla::dom::WindowContext>::get() const /work/obj-fuzz/dist/include/mozilla/RefPtr.h:284:27
#1 0x7fc705913349 in mozilla::dom::ExternalHelperAppParent::Init(mozilla::Maybe<mozilla::net::LoadInfoArgs> const&, nsTString<char> const&, bool const&, mozilla::Maybe<mozilla::ipc::URIParams> const&, mozilla::dom::BrowsingContext*, bool const&) mozilla-central/uriloader/exthandler/ExternalHelperAppParent.cpp:83:55
#2 0x7fc709a99ed7 in mozilla::dom::ContentParent::RecvPExternalHelperAppConstructor(mozilla::dom::PExternalHelperAppParent*, mozilla::Maybe<mozilla::ipc::URIParams> const&, mozilla::Maybe<mozilla::net::LoadInfoArgs> const&, nsTString<char> const&, nsTString<char> const&, unsigned int const&, nsTString<char16_t> const&, bool const&, long const&, bool const&, mozilla::Maybe<mozilla::ipc::URIParams> const&, mozilla::dom::BrowsingContext*, bool const&) mozilla-central/dom/ipc/ContentParent.cpp:3885:49
#3 0x7fc704ad85ef in mozilla::dom::PContentParent::OnMessageReceived(IPC::Message const&) /work/obj-fuzz/ipc/ipdl/PContentParent.cpp:8497:57
#4 0x7fc7031fe8f2 in void mozilla::ipc::FuzzProtocol<mozilla::dom::ContentParent>(mozilla::dom::ContentParent*, unsigned char const*, unsigned long, nsTArray<nsTString<char> > const&) /work/obj-fuzz/dist/include/ProtocolFuzzer.h:96:18
#5 0x7fc7031fe228 in RunContentParentIPCFuzzing(unsigned char const*, unsigned long) mozilla-central/dom/ipc/fuzztest/content_parent_ipc_libfuzz.cpp:27:3
#6 0x56455b82869f in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long)
#7 0x56455b81435e in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long)
#8 0x56455b8166c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long))
#9 0x7fc70cf02873 in mozilla::FuzzerRunner::Run(int*, char***) mozilla-central/tools/fuzzing/interface/harness/FuzzerRunner.cpp:54:10
#10 0x7fc70ce49435 in XREMain::XRE_mainStartup(bool*) mozilla-central/toolkit/xre/nsAppRunner.cpp:3696:35
#11 0x7fc70ce513cb in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) mozilla-central/toolkit/xre/nsAppRunner.cpp:4682:12
#12 0x7fc70ce519c3 in XRE_main(int, char**, mozilla::BootstrapConfig const&) mozilla-central/toolkit/xre/nsAppRunner.cpp:4746:21
#13 0x56455b6e8c34 in do_main(int, char**, char**)
#14 0x56455b6e848b in main
Updated 5 years ago: Summary: crash near null in → crash near null in [@ mozilla::dom::ExternalHelperAppParent::Init]
Updated 5 years ago: Has Regression Range: --- → yes; Keywords: regression
Updated 5 years ago: Blocks: fission-dogfooding; Priority: -- → P1
Updated 5 years ago: Status: NEW → RESOLVED; Closed: 5 years ago; Flags: needinfo?(matt.woodrow); Resolution: --- → DUPLICATE