Closed
Bug 1712616
Opened 3 years ago
Closed 3 years ago
Crash in [@ mozilla::VideoRenderer::Release]
Categories
(Core :: WebRTC, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: kbrosnan, Unassigned)
Details
(Keywords: crash, csectype-uaf, sec-high)
Crash Data
Crash report: https://crash-stats.mozilla.org/report/index/ea96979b-5970-4cca-8fb3-871230210524
Reason: SIGBUS / BUS_ADRALN
Top 10 frames of crashing thread:
0 libxul.so mozilla::VideoRenderer::Release dom/media/webrtc/libwebrtcglue/MediaConduitInterface.h:117
1 libxul.so RefPtr<mozilla::MozPromise<unsigned int, nsresult, false>::ThenValue<mozilla::LoginReputationService::QueryLoginWhitelist mfbt/RefPtr.h:81
2 libxul.so std::__ndk1::__function::__func<mozilla::dom::PBrowserParent::SendPrintPreview /builds/worker/fetches/android-ndk/sources/cxx-stl/llvm-libc++/include/functional:1637
3 @0xf74a8ebe
4 libxul.so nsAppShellService::CreateWindowlessBrowser xpfe/appshell/nsAppShellService.cpp:450
5 libxul.so NS_InvokeByIndex xpcom/reflect/xptcall/md/unix/xptcinvoke_arm.cpp:167
6 libxul.so XPCWrappedNative::CallMethod js/xpconnect/src/XPCWrappedNative.cpp:1142
7 libxul.so XPC_WN_CallMethod js/xpconnect/src/XPCWrappedNativeJSOps.cpp:925
8 libxul.so js::InternalCallOrConstruct js/src/vm/Interpreter.cpp:520
9 libxul.so Interpret js/src/vm/Interpreter.cpp:3244
Most of the crashes addresses are the poison address.
Severity: -- → S2
|
||
Updated•3 years ago
|
Keywords: csectype-uaf,
sec-high
|
||
Updated•3 years ago
|
Blocks: webrtc-triage
|
||
Comment 1•3 years ago
|
||
Is there a chance this was fixed in 90? crash-stats doesn't show any reports after 89.1.1.
|
|
||
Comment 2•3 years ago
|
||
Looks like the printing work cleared this up.
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → WORKSFORME
|
|
||
Updated•3 years ago
|
No longer blocks: webrtc-triage
|
||
Updated•1 year ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•