Closed
Bug 861472
Opened 12 years ago
Closed 11 years ago
WebVTT use after free [mozilla::dom::FragmentOrElement::Release]
Categories
(Core :: Audio/Video, defect)
RESOLVED
WORKSFORME
Branch | Tracking | Status |
---|---|---|
firefox21 | --- | unaffected |
firefox22 | --- | unaffected |
firefox23 | --- | unaffected |
firefox24 | - | disabled |
firefox25 | --- | disabled |
firefox26 | --- | disabled |
firefox27 | --- | disabled |
firefox-esr17 | --- | unaffected |
b2g18 | --- | unaffected |
People
(Reporter: rforbes, Assigned: reyre)
References
Details
(5 keywords)
Attachments
(2 files)
Using Peach, I found the included use-after-free error. I have included the test case and the call stack.
Reporter
Comment 1•12 years ago
Updated•12 years ago
status-b2g18:
--- → unaffected
status-firefox21:
--- → unaffected
status-firefox22:
--- → unaffected
status-firefox-esr17:
--- → unaffected
Comment 2•12 years ago
Assigning to rillian (for triage and possible reassignment)
Assignee: nobody → giles
Comment 3•12 years ago
The plan is to land this disabled, so I'm just going to mark it disabled for 23.
status-firefox23:
--- → disabled
Comment 4•11 years ago
Ralph,
What is the status here? This landed for 24 and is disabled from what we can see. Can we get this fixed?
status-firefox24:
--- → disabled
tracking-firefox24:
--- → ?
Updated•11 years ago
Flags: needinfo?(giles)
Assignee
Comment 5•11 years ago
I can look into it if you don't have time, Ralph?
Comment 6•11 years ago
Thanks Rick. If you could take this I'd appreciate it. Should be easier to address now that the code is in-tree. Are you able to reproduce with m-c now?
Flags: needinfo?(giles)
Assignee
Updated•11 years ago
Assignee: giles → rick.eyre
Assignee
Comment 7•11 years ago
I can't reproduce this while testing on Fedora with an ASAN build.
Comment 8•11 years ago
I haven't been able to reproduce it on osx 10.8 or linux x64 with ASan -- But unfortunately there are a lot of other ASan problems on the mac which might be hiding it (the malloc/delete new/free mixup stuff)
Assignee
Comment 9•11 years ago
I'm getting those as well. Hopefully, that's not hiding it.
Assignee
Comment 10•11 years ago
What rev was this done against? We're no longer using the integration branch on github. We're now working off moz-central and all the code to test this is in there now.
Comment 11•11 years ago
rforbes, could you please check m-c and see if this issue is still present in the landed code?
Flags: needinfo?(rforbes)
Comment 12•11 years ago
Given this is disabled on nightly, not tracking it. Please renominate once this code is enabled and if the bug is still unfixed.
Updated•11 years ago
status-firefox25:
--- → disabled
Updated•11 years ago
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → WONTFIX
Updated•11 years ago
Status: RESOLVED → REOPENED
Resolution: WONTFIX → ---
Comment 13•11 years ago
Reproduction check no longer necessary; removing needinfo.
Flags: needinfo?(rforbes)
Updated•11 years ago
status-firefox26:
--- → disabled
Updated•11 years ago
status-firefox27:
--- → disabled
Comment 14•11 years ago
This is not reproducible anymore. It involved the old WebVTT parser, which is no longer in our code base.
Status: REOPENED → RESOLVED
Closed: 11 years ago → 11 years ago
Resolution: --- → FIXED
Updated•11 years ago
Resolution: FIXED → WORKSFORME
Updated•9 years ago
Group: core-security → core-security-release
Updated•7 years ago
Group: core-security-release