Closed Bug 968244 Opened 11 years ago Closed 11 years ago

Faulty abort: "bad Shmem" in PLayerTransactionParent::DeallocShmem under PLayerParent::DestroySubtree

Categories

(Core :: Graphics, defect)

x86_64
Linux
defect
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla30

People

(Reporter: bjacob, Assigned: bjacob)

References

(Blocks 1 open bug)

Details

Attachments

(2 files, 1 obsolete file)

Attached file Faulty session (deleted) —
Found by Christoph Diehl's "Faulty" fuzzer, see bug 777067
Classification: PLayer, bad assertion, easy
This is similar to bug 968823, but this time in IPDL-generated code.
Attachment #8374554 - Flags: review?(bent.mozilla)
Hm, can we do this just for the parent process? I'd prefer to keep crashing the child.
Attachment #8374554 - Flags: review?(bent.mozilla) → review+
Comment on attachment 8374554 [details] [diff] [review] Make IPDL-generated code not crash release builds on bad Shmems Oops, hit the wrong button. Canceling review until I get an answer to my question above.
Attachment #8374554 - Flags: review+
Attachment #8374554 - Attachment is obsolete: true
Comment on attachment 8381087 [details] [diff] [review] Make IPDL-generated code not crash release builds on bad Shmems Review of attachment 8381087 [details] [diff] [review]: ----------------------------------------------------------------- The adopt looks good, shouldn't we do the same for dealloc too?
Attachment #8381087 - Flags: review?(bent.mozilla) → review+
Regarding the adopt, I don't even know what it does, and this patch doesn't change it, so I'll leave it to you and other specialists :)
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla30
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: