[tbb-bugs] #19400 [Applications/Tor Browser]: [Asan] Crash in js::AsmJSModule::deserialize / DeserializeSig
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Jun 12 18:56:56 UTC 2016
#19400: [Asan] Crash in js::AsmJSModule::deserialize / DeserializeSig
------------------------------------------+-----------------------
Reporter: cypherpunks | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Major | Keywords: tbb-crash
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------------------+-----------------------
Steps to reproduce:
1. Open current tor browser alpha, hardened (6.5a1)
2. surf on facebookcorewwwi.onion
3. click somewhere to start composing a message
4. as soon as you can, try to type (not sure this is required)
What happens:
Tor browser crashes.
{{{
Date Time [notice] Bootstrapped 100%: Done
Date Time [notice] New control connection opened from 127.0.0.1.
Date Time [notice] New control connection opened from 127.0.0.1.
Time addons.productaddons ERROR Request failed certificate checks:
[Exception... "SSL is required and URI scheme is not https." nsresult:
"0x8000ffff (NS_ERROR_UNEXPECTED)" location: "JS frame ::
resource://gre/modules/CertUtils.jsm :: checkCert :: line 145" data: no]
=================================================================
==5252==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x7f6dfe8c6000 at pc 0x7f6e4c3f2605 bp 0x7f6e009f23f0 sp 0x7f6e009f1ba0
READ of size 9437184 at 0x7f6dfe8c6000 thread T59 (DOM Worker)
ASAN:SIGSEGV
==5252==AddressSanitizer: while reporting a bug found another one.
Ignoring.
Date Time [notice] Owning controller connection has closed -- exiting now.
Date Time [notice] Catching signal TERM, exiting cleanly.
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19400>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list