Closed Bug 1698947 Opened 4 years ago Closed 3 years ago

Invalid Win32k use in content process [xul!GetSystemGDIGamma+0x36]

Categories

(Core :: Security: Process Sandboxing, defect, P2)

All
Windows
defect

Tracking

RESOLVED FIXED
92 Branch
Tracking Status
firefox92 --- fixed

People

(Reporter: cmartin, Assigned: bobowen)

00 0000000e`b7ff71d8 00007fff`9c5436de win32u!NtUserSystemParametersInfo
01 0000000e`b7ff71e0 00007fff`972af0a1 USER32!RealSystemParametersInfoW+0xae
02 0000000e`b7ff7270 00007fff`972aaea6 UxTheme!ClassicSystemParametersInfoW+0x41 [shell\themes\uxtheme\sethook.cpp @ 1556] 
03 (Inline Function) --------`-------- UxTheme!_InternalSystemParametersInfo+0x10 [shell\themes\uxtheme\nctheme.cpp @ 8190] 
04 0000000e`b7ff72b0 00007fff`9c54337a UxTheme!ThemeSystemParametersInfoW+0xb6 [shell\themes\uxtheme\sethook.cpp @ 1476] 
*** WARNING: Unable to verify checksum for C:\moz\mozilla-central\obj-x86_64-pc-mingw32\dist\bin\xul.dll
05 0000000e`b7ff73a0 00007fff`285d30d9 USER32!SystemParametersInfoW+0x9a
06 (Inline Function) --------`-------- xul!SystemParametersInfo+0x10 [c:\moz\mozilla-central\obj-x86_64-pc-mingw32\dist\stl_wrappers\windows.h @ 5158] 
07 (Inline Function) --------`-------- xul!GetSystemGDIGamma+0x36 [c:\moz\mozilla-central\gfx\thebes\gfxDWriteFonts.cpp @ 67] 
08 0000000e`b7ff73f0 00007fff`286174d0 xul!gfxDWriteFont::GetScaledFont+0x209 [c:\moz\mozilla-central\gfx\thebes\gfxDWriteFonts.cpp @ 605] 
09 0000000e`b7ff74d0 00007fff`2864944b xul!gfxFont::Draw+0xf0 [c:\moz\mozilla-central\gfx\thebes\gfxFont.cpp @ 2065] 
0a (Inline Function) --------`-------- xul!gfxTextRun::DrawGlyphs+0x7a [c:\moz\mozilla-central\gfx\thebes\gfxTextRun.cpp @ 433] 
0b 0000000e`b7ff7ee0 00007fff`2a2e27e3 xul!gfxTextRun::Draw+0x7cb [c:\moz\mozilla-central\gfx\thebes\gfxTextRun.cpp @ 680] 
0c 0000000e`b7ff8d80 00007fff`2a2e2491 xul!DrawTextRun+0x213 [c:\moz\mozilla-central\layout\generic\nsTextFrame.cpp @ 6921] 
0d 0000000e`b7ff8e40 00007fff`2a2ded12 xul!nsTextFrame::DrawTextRun+0x41 [c:\moz\mozilla-central\layout\generic\nsTextFrame.cpp @ 6929] 
0e 0000000e`b7ff8ef0 00007fff`2a2e2306 xul!nsTextFrame::DrawText+0xe2 [c:\moz\mozilla-central\layout\generic\nsTextFrame.cpp @ 7165] 
0f 0000000e`b7ff9030 00007fff`2a455195 xul!nsTextFrame::PaintText+0x8b6 [c:\moz\mozilla-central\layout\generic\nsTextFrame.cpp @ 6854] 
10 0000000e`b7ff9360 00007fff`2a45550f xul!nsDisplayText::RenderToContext+0x3a5 [c:\moz\mozilla-central\layout\painting\nsDisplayList.cpp @ 8942] 
11 0000000e`b7ff9500 00007fff`284c7207 xul!nsDisplayText::CreateWebRenderCommands+0x2ff [c:\moz\mozilla-central\layout\painting\nsDisplayList.cpp @ 8866] 
12 0000000e`b7ff95e0 00007fff`284c6760 xul!mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommands+0xa7 [c:\moz\mozilla-central\gfx\layers\wr\WebRenderCommandBuilder.cpp @ 1680] 
13 0000000e`b7ff9650 00007fff`2a44b2ad xul!mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList+0x810 [c:\moz\mozilla-central\gfx\layers\wr\WebRenderCommandBuilder.cpp @ 1807] 
14 (Inline Function) --------`-------- xul!nsDisplayWrapList::CreateWebRenderCommands+0x3b [c:\moz\mozilla-central\layout\painting\nsDisplayList.cpp @ 5575] 
15 0000000e`b7ff9940 00007fff`284c7207 xul!nsDisplayOwnLayer::CreateWebRenderCommands+0x3fd [c:\moz\mozilla-central\layout\painting\nsDisplayList.cpp @ 6332] 
16 0000000e`b7ff9b60 00007fff`284c6760 xul!mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommands+0xa7 [c:\moz\mozilla-central\gfx\layers\wr\WebRenderCommandBuilder.cpp @ 1680] 
17 0000000e`b7ff9bd0 00007fff`284c5a0f xul!mozilla::layers::WebRenderCommandBuilder::CreateWebRenderCommandsFromDisplayList+0x810 [c:\moz\mozilla-central\gfx\layers\wr\WebRenderCommandBuilder.cpp @ 1807] 
18 0000000e`b7ff9ec0 00007fff`284cf23e xul!mozilla::layers::WebRenderCommandBuilder::BuildWebRenderCommands+0x3df [c:\moz\mozilla-central\gfx\layers\wr\WebRenderCommandBuilder.cpp @ 1600] 
19 0000000e`b7ffa2d0 00007fff`2a43b8e6 xul!mozilla::layers::WebRenderLayerManager::EndTransactionWithoutLayer+0x25e [c:\moz\mozilla-central\gfx\layers\wr\WebRenderLayerManager.cpp @ 376] 
1a 0000000e`b7ffa6a0 00007fff`2a1be472 xul!nsDisplayList::PaintRoot+0x4b6 [c:\moz\mozilla-central\layout\painting\nsDisplayList.cpp @ 2461] 
1b 0000000e`b7ffa800 00007fff`2a1675ad xul!nsLayoutUtils::PaintFrame+0x1832 [c:\moz\mozilla-central\layout\base\nsLayoutUtils.cpp @ 3460] 
1c 0000000e`b7ffca00 00007fff`29f00e7f xul!mozilla::PresShell::Paint+0x6dd [c:\moz\mozilla-central\layout\base\PresShell.cpp @ 6395] 
1d 0000000e`b7ffcbb0 00007fff`29f00ac2 xul!nsViewManager::ProcessPendingUpdatesPaint+0x1ef [c:\moz\mozilla-central\view\nsViewManager.cpp @ 459] 
1e 0000000e`b7ffcc30 00007fff`29f01a49 xul!nsViewManager::ProcessPendingUpdatesForView+0x2a2 [c:\moz\mozilla-central\view\nsViewManager.cpp @ 395] 
1f 0000000e`b7ffccb0 00007fff`2a1373bd xul!nsViewManager::ProcessPendingUpdates+0x79 [c:\moz\mozilla-central\view\nsViewManager.cpp @ 973] 
20 0000000e`b7ffccf0 00007fff`2a13c13f xul!nsRefreshDriver::Tick+0x182d [c:\moz\mozilla-central\layout\base\nsRefreshDriver.cpp @ 2341] 
Assignee: nobody → cmartin
Status: NEW → ASSIGNED
Depends on: 1698948
Depends on: 1698950
Blocks: 1383524
No longer blocks: win32k-lockdown
Severity: -- → S4
Priority: -- → P2
Assignee: cmartin → bobowencode

This should have been fixed by the patches just landed on bug 1698946.

Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Depends on: 1698946
Resolution: --- → FIXED
Target Milestone: --- → 92 Branch