| 1442821
|
|
UBSan: member call on address which does not point to an object of type 'mozilla::media::TimeIntervals'
|
Core
|
Audio/Video: Playbac
|
nobody
|
NEW
|
---
|
2023-03-30
|
| 1447055
|
|
UBSan: vorbis: value is outside the range lib/sharedbook.c:65
|
Core
|
Audio/Video: Playbac
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1447058
|
|
UBSan: vorbis: shift exponent is negative lib/info.c:218
|
Core
|
Audio/Video: Playbac
|
nobody
|
NEW
|
---
|
2023-03-30
|
| 1448202
|
|
UBSan: downcast of address which does not point to an object of type 'mozilla::dom::HTMLVideoElement'
|
Core
|
Audio/Video: Playbac
|
nobody
|
NEW
|
---
|
2023-03-30
|
| 1583399
|
|
invalid shift in media/libogg/src/ogg_framing.c:63
|
Core
|
Audio/Video: Playbac
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1583402
|
|
invalid shift in media/libvorbis/lib/vorbis_sharedbook.c:417
|
Core
|
Audio/Video: Playbac
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1583405
|
|
invalid shift in media/libvorbis/lib/vorbis_info.c:218
|
Core
|
Audio/Video: Playbac
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1583946
|
|
undefined shift in media/libtheora/lib/state.c:649
|
Core
|
Audio/Video: Playbac
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1583995
|
|
undefined shift in media/libtheora/lib/x86/mmxfrag.c:219
|
Core
|
Audio/Video: Playbac
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1584407
|
|
undefined shift in media/libogg/src/ogg_bitwise.c:399
|
Core
|
Audio/Video: Playbac
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1584640
|
|
undefined shift in src/dom/canvas/WebGLTexelConversions.h:94
|
Core
|
Graphics: CanvasWebG
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1597572
|
|
null pointer passed as argument 2, which is declared to never be null in modules/zlib/src/trees.c:873
|
Core
|
JavaScript Engine
|
nobody
|
NEW
|
---
|
2024-04-29
|
| 1619468
|
|
load of value 999, which is not a valid value for type 'SecurityPropertyState' in src/security/manager/ssl/nsSiteSecurityService.cpp:98
|
Core
|
Security: PSM
|
nobody
|
NEW
|
---
|
2020-05-18
|
| 1758985
|
|
src/objdir-ff-ubsan/dist/include/nsCoord.h:363:60: runtime error: 2.24797e+09 is outside the range of representable values of type 'int'
|
Core
|
Graphics: WebRender
|
nobody
|
NEW
|
---
|
2024-04-01
|
| 1448203
|
|
UBSan: member call on address which does not point to an object of type 'mozilla::dom::HTMLVideoElement'
|
Core
|
Audio/Video: Playbac
|
alwu
|
NEW
|
---
|
2023-03-30
|
| 1752377
|
|
src/objdir-ff-ubsan/dist/include/mozilla/dom/quota/CheckedUnsafePtr.h:350:43: runtime error: reference binding to null pointer of type 'mozilla::dom::WorkerPrivate'
|
Core
|
DOM: Workers
|
echuang
|
NEW
|
---
|
2022-09-06
|
| 1772647
|
|
dom/media/platforms/wrappers/MediaChangeMonitor.cpp:177:44: runtime error: inf is outside the range of representable values of type 'int'
|
Core
|
Audio/Video
|
jolin
|
NEW
|
---
|
2022-10-17
|
| 1354177
|
|
libjpeg-turbo: shift exponent -1 is negative [@ decode_mcu_fast]
|
Core
|
Graphics: ImageLib
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1414090
|
|
UBSan: theora: multiple invalid left shifts
|
Core
|
Audio/Video: Playbac
|
nobody
|
NEW
|
---
|
2023-03-30
|
| 1420505
|
|
UBSan: null pointer passed as argument which is declared to never be null [@ mozilla::gfx::AttributeMap::Set]
|
Core
|
Graphics
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1431882
|
|
UBSan: layout/base/nsLayoutUtils.cpp:507:56: runtime error: division by zero [@ GetSuitableScale]
|
Core
|
Layout
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1431885
|
|
UBSan: gfx/src/nsCoord.h:100:18: runtime error: -nan is outside the range of representable values of type 'int'
|
Core
|
Layout
|
nobody
|
NEW
|
---
|
2023-03-30
|
| 1436222
|
|
UBSan: value is outside the range of representable values of type 'int' /include/mozilla/gfx/Rect.h:258
|
Core
|
Graphics: Layers
|
nobody
|
NEW
|
---
|
2023-03-30
|
| 1436223
|
|
UBSan: value is outside the range of representable values of type 'unsigned int' in dom/base/nsJSEnvironment.cpp:1859
|
Core
|
DOM: Core & HTML
|
nobody
|
NEW
|
---
|
2023-03-30
|
| 1438260
|
|
UBSan: downcast of address which does not point to an object of type 'MessageLoopForIO' /ipc/chromium/src/base/message_loop.h
|
Core
|
IPC
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1443910
|
|
UBSan: multiple instances of undefined behavior
|
Core
|
Layout: Tables
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1443915
|
|
UBSan: addition of unsigned offset overflowed in mozilla-central/dom/canvas/WebGLTexelConversions.cpp:218
|
Core
|
Graphics: CanvasWebG
|
nobody
|
NEW
|
---
|
2023-03-30
|
| 1446871
|
|
UBSan: vorbis: invalid left shift lib/sharedbook.c:417
|
Core
|
Audio/Video: Playbac
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1581672
|
|
left shift of negative value -32768 in gfx/cairo/cairo/src/cairo-fixed-private.h:62:14
|
Core
|
Graphics
|
nobody
|
NEW
|
---
|
2023-06-29
|
| 1585721
|
|
null pointer passed as argument 2, which is declared to never be null in include/nsCharTraits.h:299
|
Core
|
XPCOM
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1588938
|
|
undefined shift in intl/icu/source/common/ubidiln.cpp:666
|
Core
|
JavaScript: Internat
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1589496
|
|
signed integer overflow in [@ mozilla::RoundUpToMultiple]
|
Core
|
Graphics
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1589527
|
|
null pointer passed as argument 2, which is declared to never be null in dist/include/mozilla/Printf.h:181
|
Toolkit
|
Startup and Profile
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1603271
|
|
addition of unsigned offset overflowed in media/ffvpx/libavcodec/videodsp_template.c:47
|
Core
|
Audio/Video: Playbac
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1759021
|
|
src/layout/painting/nsDisplayList.cpp:6472:39: runtime error: 2.14748e+09 is outside the range of representable values of type 'int'
|
Core
|
Web Painting
|
nobody
|
NEW
|
---
|
2022-06-21
|
| 1780604
|
|
src/swgl_ext.h:547:16: runtime error: -nan is outside the range of representable values of type 'int'
|
Core
|
Graphics: WebRender
|
nobody
|
NEW
|
---
|
2024-04-01
|
| 1841190
|
|
src/gfx/cairo/cairo/src/cairo-fixed-private.h:64:14: runtime error: left shift of negative value -4
|
Core
|
Printing: Output
|
nobody
|
NEW
|
---
|
2023-07-10
|
| 1468126
|
|
UBSan: signed integer overflow in [@ ClampAndAlignWithPixels]
|
Core
|
Layout
|
nobody
|
NEW
|
---
|
2024-01-22
|
| 1882148
|
|
src/modules/fdlibm/src/e_powf.cpp:249:9: runtime error: left shift of negative value -12
|
Core
|
Audio/Video: Playbac
|
karlt
|
NEW
|
---
|
2024-03-10
|
| 1272020
|
|
Undefined behavior in fix for bug 1140537
|
Core
|
XML
|
nobody
|
NEW
|
---
|
2024-02-27
|
| 1436778
|
|
UBSan: value is outside the range of representable values of type 'unsigned int' /dom/performance/PerformanceTiming.cpp:92
|
Core
|
Performance
|
nobody
|
NEW
|
---
|
2022-09-19
|
| 1593387
|
|
call to function moz_malloc_usable_size through pointer to incorrect function type in src/xpcom/ds/PLDHashTable.cpp:676
|
Core
|
XPCOM
|
nobody
|
NEW
|
---
|
2022-10-11
|
| 1772654
|
|
dist/include/mozilla/gfx/Coord.h:144:41: runtime error: 2.14748e+09 is outside the range of representable values of type 'int'
|
Core
|
Graphics
|
nobody
|
NEW
|
---
|
2022-06-21
|
| 1773590
|
|
src/layout/painting/nsCSSRenderingBorders.cpp:2117:20: runtime error: -4 is outside the range of representable values of type 'unsigned long'
|
Core
|
Web Painting
|
nobody
|
NEW
|
---
|
2022-06-20
|
| 1419232
|
|
UBSan: division by zero in [@ mozilla::dom::CanvasPath::ArcTo]
|
Core
|
Graphics: Canvas2D
|
bas
|
ASSI
|
---
|
2024-01-13
|
| 1577584
|
|
reference binding to address with insufficient space for an object of type 'const OT::LangSys'
|
Core
|
Graphics: Text
|
nobody
|
REOP
|
---
|
2022-10-11
|
| 1751821
|
|
gecko/dom/media/gmp/GMPLoader.cpp:49:12: runtime error: call to function GMPInit through pointer to incorrect function type 'GMPErr (*)(const GMPPlatformAPI *)'
|
Core
|
Audio/Video: GMP
|
brycebugemail
|
RESO
|
FIXE
|
2022-03-05
|
| 1581986
|
|
left shift of 128 by 24 places cannot be represented in type 'int' in security/manager/ssl/md4.c:68:28
|
Core
|
Security: PSM
|
dkeeler
|
RESO
|
FIXE
|
2019-09-23
|
| 1427673
|
|
UBSan: null pointer passed as argument 2, which is declared to never be null [@ sslBuffer_AppendVariable]
|
NSS
|
Libraries
|
ekr
|
RESO
|
FIXE
|
2023-01-24
|
| 1438310
|
|
UBSan: member call on address which does not point to an object of type 'js::MatchPairs' in /js/src/builtin/RegExp.cpp
|
Core
|
JavaScript Engine: J
|
jdemooij
|
RESO
|
FIXE
|
2019-07-11
|
| 1603055
|
|
BigInt and Object type confusion vulnerability exploitable via XSLTProcessor setParameter method
|
Core
|
XPConnect
|
jdemooij
|
RESO
|
FIXE
|
2024-05-30
|
| 1583970
|
|
addition of unsigned offset overflowed in dom/canvas/WebGLTexelConversions.cpp:209
|
Core
|
Graphics: CanvasWebG
|
jgilbert
|
RESO
|
FIXE
|
2019-10-30
|
| 1784352
|
|
dist/include/mozilla/RangedPtr.h:249:12: runtime error: reference binding to misaligned address 0x7fee8b9e5029 for type 'const unsigned int', which requires 4 byte alignment
|
Core
|
Graphics: CanvasWebG
|
jgilbert
|
RESO
|
WORK
|
2024-04-02
|
| 1436242
|
|
UBSan: null pointer passed as argument 2, which is declared to never be null [@ IPC::Channel::ChannelImpl::ProcessIncomingMessages] | /usr/include/c++/8/bits/stl_vector.h:932: Assertion '__builtin_expect(__n < this->size(), true)' failed.
|
Core
|
IPC
|
jld
|
RESO
|
FIXE
|
2018-05-31
|
| 1432642
|
|
UBSan: signed integer overflow in [@ quorem2]
|
Core
|
JavaScript Engine
|
jwalden
|
RESO
|
FIXE
|
2018-03-02
|
| 1583293
|
|
invalid shift in modules/fdlibm/src/e_exp.cpp:150
|
Core
|
JavaScript Engine
|
jwalden
|
RESO
|
FIXE
|
2019-09-26
|
| 1583645
|
|
undefined shift in modules/fdlibm/src/s_expm1.cpp:190
|
Core
|
JavaScript Engine
|
jwalden
|
RESO
|
FIXE
|
2019-09-26
|
| 1584006
|
|
undefined shift in js/src/ctypes/CTypes.cpp:8708
|
Core
|
js-ctypes
|
jwalden
|
RESO
|
FIXE
|
2019-10-19
|
| 1805327
|
|
gecko/dom/media/webaudio/AudioBuffer.cpp:345:45: runtime error: pointer index expression with base 0xcb23b800 overflowed to 0x18baefec
|
Core
|
Web Audio
|
karlt
|
RESO
|
FIXE
|
2023-01-06
|
| 1722073
|
|
AddressSanitizer: stack-use-after-scope [@ `anonymous namespace'::wasapi_find_matching_output_device] with READ of size 8
|
Core
|
Audio/Video: cubeb
|
kinetik
|
RESO
|
FIXE
|
2022-08-26
|
| 1432348
|
|
UBSan: downcast of address which does not point to an object of type 'nsDisplayBackgroundGeometry' in /layout/painting/nsDisplayListInvalidation.h:132
|
Core
|
Web Painting
|
matt.woodrow
|
RESO
|
FIXE
|
2018-02-02
|
| 1432332
|
|
UBsan: value is outside the range of representable values of type 'int' in /include/mozilla/FloatingPoint.h:348
|
Core
|
MFBT
|
nobody
|
RESO
|
DUPL
|
2018-02-14
|
| 1454359
|
|
Cherry-pick more upstream FreeType oss-fuzz fixes
|
Core
|
Graphics: Text
|
ryanvm
|
RESO
|
FIXE
|
2018-08-28
|
| 1533612
|
|
UBSan: signed integer overflow in [@ mozilla::AudioSink::PushProcessedAudio]
|
Core
|
Audio/Video: Playbac
|
achronop
|
RESO
|
FIXE
|
2019-03-14
|
| 1468131
|
|
UBSan: pointer index expression overflowed [@ GetTrimmableWhitespaceCount]
|
Core
|
Layout: Text and Fon
|
away
|
RESO
|
FIXE
|
2019-10-17
|
| 1535980
|
|
src/dom/media/webm/WebMDemuxer.cpp:392:28: runtime error: -8.27704e+259 is outside the range of representable values of type 'unsigned int'
|
Core
|
Audio/Video: Playbac
|
azebrowski
|
RESO
|
FIXE
|
2022-09-20
|
| 1440531
|
|
UBSan: downcast of address which does not point to an object of type 'js::jit::MInstruction' js/src/jit/InlineList.h:471
|
Core
|
JavaScript Engine: J
|
bhackett1024
|
RESO
|
FIXE
|
2018-06-13
|
| 1431868
|
|
UBSan: -49.9797 is outside the range of representable values of type 'unsigned int' in include/mozilla/Telemetry.h:190
|
Toolkit
|
Telemetry
|
chutten
|
RESO
|
FIXE
|
2018-06-17
|
| 1432362
|
|
UBSan: -223.106 is outside the range of representable values of type 'unsigned int' in /toolkit/components/telemetry/Telemetry.cpp
|
Toolkit
|
Telemetry
|
diorahman
|
RESO
|
FIXE
|
2018-03-07
|
| 1587159
|
|
undefined shift in media/webrtc/trunk/webrtc/modules/audio_coding/codecs/g722/g722_encode.c:78
|
Core
|
WebRTC: Audio/Video
|
dminor
|
RESO
|
FIXE
|
2020-06-22
|
| 1603296
|
|
null pointer passed as argument 2, which is declared to never be null in media/webrtc/trunk/webrtc/rtc_base/buffer.h:348
|
Core
|
WebRTC: Audio/Video
|
dminor
|
RESO
|
FIXE
|
2020-06-22
|
| 1581964
|
|
left shift of 1 by 31 places cannot be represented in type 'int' in media/webrtc/signaling/src/sdp/sipcc/sdp_attr.c:1483:33
|
Core
|
WebRTC: Signaling
|
docfaraday
|
RESO
|
FIXE
|
2019-09-20
|
| 1414077
|
|
UBSan: division by zero [@ mozilla::dom::ImageDocument::ScrollImageTo]
|
Core
|
DOM: Core & HTML
|
echen
|
RESO
|
FIXE
|
2019-03-13
|
| 1751108
|
|
nsLayoutUtils.h:3077:54: runtime error: -nan is outside the range of representable values of type 'int'
|
Core
|
SVG
|
emilio
|
RESO
|
FIXE
|
2022-03-02
|
| 1869457
|
|
gecko/xpcom/base/AvailableMemoryWatcherLinux.cpp:133:36: runtime error: division by zero
|
Core
|
XPCOM
|
gsvelto
|
RESO
|
FIXE
|
2023-12-20
|
| 1883793
|
|
/src/toolkit/components/glean/bindings/private/TimingDistribution.cpp:171:21: runtime error: -3.91041e+09 is outside the range of representable values of type 'unsigned long'
|
Data Platform and To
|
Glean: SDK
|
jrediger
|
RESO
|
FIXE
|
2024-03-20
|
| 1532849
|
|
UBSan: Value outside the range of representable values of type 'unsigned int' [@ mozilla::ChannelMediaDecoder::ComputePlaybackRate]
|
Core
|
Audio/Video: Playbac
|
jya-moz
|
RESO
|
FIXE
|
2019-05-02
|
| 1532858
|
|
UBSan: Value outside the range of representable values of type 'unsigned int' [@ mozilla::WebMDemuxer::ReadMetadata]
|
Core
|
Audio/Video: Playbac
|
jya-moz
|
RESO
|
FIXE
|
2019-03-15
|
| 1532861
|
|
UBSan: signed integer overflow in [@ mozilla::IsValidVideoRegion]
|
Core
|
Audio/Video: Playbac
|
jya-moz
|
RESO
|
FIXE
|
2019-10-30
|
| 1532867
|
|
UBSan: left shift of negative value in [@ mozilla::BitWriter::WriteBits]
|
Core
|
Audio/Video: Playbac
|
jya-moz
|
RESO
|
FIXE
|
2019-05-02
|
| 1534156
|
|
UBSan: signed integer overflow in [@ ConditionDimension]
|
Core
|
Audio/Video: Playbac
|
jya-moz
|
RESO
|
FIXE
|
2019-05-02
|
| 1758219
|
|
src/swgl_ext.h:537:16: runtime error: -nan is outside the range of representable values of type 'int'
|
Core
|
Graphics: WebRender
|
lsalzman
|
RESO
|
FIXE
|
2022-06-17
|
| 1419609
|
|
UBSan: load of value which is not a valid value for type 'bool' [@ nsDisplayListBuilder::WrapAGRForFrame]
|
Core
|
Web Painting
|
matt.woodrow
|
RESO
|
FIXE
|
2017-12-15
|
| 1575584
|
|
load of value, which is not a valid value for type 'bool' in /src/editor/libeditor/TextEditor.cpp:1889
|
Core
|
DOM: Editor
|
mbrodesser
|
RESO
|
FIXE
|
2019-08-23
|
| 1758983
|
|
src/objdir-ff-ubsan/dist/include/mozilla/gfx/Point.h:97:34: runtime error: -1.87351e+15 is outside the range of representable values of type 'int'
|
Core
|
Graphics: WebRender
|
mikokm
|
RESO
|
FIXE
|
2022-06-06
|
| 1419280
|
|
UBSan: invalid shift in [@ big2_prologTok]
|
Core
|
XML
|
nobody
|
RESO
|
DUPL
|
2019-12-11
|
| 1437735
|
|
UBSan: divide-by-zero in [@ ClampAndAlignWithPixels]
|
Core
|
Layout
|
nobody
|
RESO
|
DUPL
|
2019-12-23
|
| 1439439
|
|
UBSan: division by zero [@ nsLayoutUtils::CalculateRootCompositionSize]
|
Core
|
Layout
|
nobody
|
RESO
|
DUPL
|
2019-12-23
|
| 1439446
|
|
UBSan: src/gfx/skia/skia/src/pathops/SkPathOpsQuad.cpp:150:24: runtime error: division by zero
|
Core
|
Graphics
|
nobody
|
RESO
|
DUPL
|
2019-10-17
|
| 1440533
|
|
UBSan: member access within address which does not point to an object of type 'mozilla::dom::IDBRequest' dom/indexedDB/IDBRequest.cpp
|
Core
|
Storage: IndexedDB
|
nobody
|
RESO
|
INCO
|
2019-12-04
|
| 1587173
|
|
Call to function through pointer to incorrect function type in dist/include/js/RootingAPI.h:843
|
Core
|
JavaScript: GC
|
nobody
|
RESO
|
DUPL
|
2020-05-18
|
| 1439046
|
|
UBSan: division by zero in [@ WebCore::DynamicsCompressorKernel::process]
|
Core
|
Web Audio
|
padenot
|
RESO
|
FIXE
|
2019-07-11
|
| 1413063
|
|
UBSan: js/src/gc/Nursery.cpp:486:20: runtime error: division by zero [@ calcPromotionRate]
|
Core
|
JavaScript: GC
|
pbone
|
RESO
|
FIXE
|
2017-11-08
|
| 1808632
|
|
Potential null pointer dereference in TaskbarPreviewCallback::Done() caused by failure to check return value
|
Core
|
Widget: Win32
|
rkraesig
|
RESO
|
FIXE
|
2024-06-02
|
| 1823551
|
|
Latent write beyond bounds in nsDirIndexParser::OnDataAvailable()
|
Core
|
Networking: HTTP
|
smayya
|
RESO
|
FIXE
|
2024-05-30
|
| 1413762
|
|
UBSan: shift exponent is too large [@ mozilla::image::nsGIFDecoder2::ReadImageDataBlock]
|
Core
|
Graphics: ImageLib
|
tnikkel
|
RESO
|
FIXE
|
2017-11-30
|
| 1581655
|
|
left shift of negative value -1 in netwerk/base/nsProtocolProxyService.cpp:678:56
|
Core
|
Networking
|
valentin.gosu
|
RESO
|
FIXE
|
2019-09-18
|
| 1420525
|
|
UBSan: load of value which is not a valid value 'bool' [@ mozilla::EventStateManager::UpdateCursor]
|
Core
|
DOM: Events
|
xidorn+moz
|
RESO
|
FIXE
|
2017-11-29
|
| 1758824
|
|
src/layout/generic/nsFloatManager.cpp:2807:10: runtime error: -nan is outside the range of representable values of type 'int'
|
Core
|
Layout: Floats
|
aethanyc
|
RESO
|
FIXE
|
2022-06-24
|
| 1414065
|
|
UBSan: null pointer passed as argument 1, which is declared to never be null [@ mozilla::image::fill_input_buffer]
|
Core
|
Graphics: ImageLib
|
aosmond
|
RESO
|
FIXE
|
2017-11-30
|
| 1595259
|
|
basic/hypot-approx.js triggers left shift of a negative value in e_hypot.cpp
|
Core
|
JavaScript Engine
|
arai.unmht
|
RESO
|
FIXE
|
2022-09-06
|
| 1752624
|
|
nsCSSRenderingBorders.cpp:2182:20: runtime error: -287 is outside the range of representable values of type 'unsigned long'
|
Core
|
Web Painting
|
arai.unmht
|
RESO
|
FIXE
|
2022-03-28
|
| 1586170
|
|
reference binding to null pointer of type 'const unsigned char' in [@ mozilla::NrIceTurnServer::ToNicerTurnStruct]
|
Core
|
WebRTC
|
away
|
RESO
|
FIXE
|
2020-01-10
|
| 1584005
|
|
undefined shift in modules/libjar/zipwriter/nsZipHeader.cpp
|
Core
|
Networking: JAR
|
CuveeHsu
|
RESO
|
FIXE
|
2019-10-07
|
| 1413622
|
|
UBSan: netwerk/cache/nsCacheService.cpp:3067:63: division by zero [@ nsCacheService::LogCacheStatistics]
|
Core
|
Networking: Cache
|
dd.mozilla
|
RESO
|
FIXE
|
2017-11-15
|
| 1583967
|
|
addition of unsigned offset overflowed in media/webrtc/trunk/webrtc/common_audio/signal_processing/downsample_fast.c:45
|
Core
|
WebRTC: Audio/Video
|
dminor
|
RESO
|
FIXE
|
2020-06-22
|
| 1587164
|
|
undefined shift in media/webrtc/trunk/webrtc/rtc_base/timeutils.cc:142
|
Core
|
WebRTC
|
dminor
|
RESO
|
FIXE
|
2020-07-01
|
| 1619484
|
|
load of value 3840206052, which is not a valid value for type 'MouseCursorMonitor::CursorState' in src/media/webrtc/trunk/webrtc/modules/desktop_capture/desktop_and_cursor_composer.cc:197
|
Core
|
WebRTC
|
dminor
|
RESO
|
FIXE
|
2020-06-22
|
| 1436240
|
|
UBSan: load of value which is not a valid value for type 'bool' in /layout/style/MediaQueryList.cpp:78
|
Core
|
Layout
|
emilio
|
RESO
|
FIXE
|
2018-02-07
|
| 1772640
|
|
src/layout/generic/nsGfxScrollFrame.cpp:1299:23: runtime error: 5.85677e+09 is outside the range of representable values of type 'int'
|
Core
|
Layout: Scrolling an
|
hikezoe.birchill
|
RESO
|
FIXE
|
2022-07-04
|
| 1649862
|
|
load of value 128, which is not a valid value for type 'enum Dav1dMatrixCoefficients' in dom/media/platforms/agnostic/DAV1DDecoder.cpp:188
|
Core
|
Audio/Video: Playbac
|
jbauman
|
RESO
|
FIXE
|
2020-08-18
|
| 1746690
|
|
src/js/src/gc/Statistics.cpp:1028:54: runtime error: inf is outside the range of representable values of type 'unsigned int'
|
Core
|
JavaScript: GC
|
jcoppeard
|
RESO
|
FIXE
|
2022-01-12
|
| 1431866
|
|
UBSan: -1000 is outside the range of representable values of type 'unsigned int'
|
Core
|
Graphics: Text
|
jfkthame
|
RESO
|
FIXE
|
2018-06-17
|
| 1532868
|
|
UBSan: left shift of negative value in include/mozilla/FontPropertyTypes.h:101:2
|
Core
|
Layout: Text and Fon
|
jfkthame
|
RESO
|
FIXE
|
2019-03-20
|
| 1442825
|
|
UBSan: downcast of address which does not point to an object of type 'mozilla::gl::ScopedBindRenderbuffer'
|
Core
|
Graphics
|
jgilbert
|
RESO
|
FIXE
|
2019-09-06
|
| 1581946
|
|
left shift of 255 by 24 places cannot be represented in type 'int' in gfx/cairo/cairo/src/cairo-image-surface.c:2537:34
|
Core
|
Graphics
|
jnicol
|
RESO
|
FIXE
|
2022-01-19
|
| 1413049
|
|
UBSan: store to misaligned address for type 'uintptr_t' (aka 'unsigned long')
|
Core
|
JavaScript Engine: J
|
jorendorff
|
RESO
|
FIXE
|
2018-10-26
|
| 1469410
|
|
UBSan false positive at tools/profiler/lul/LulMain.cpp:910:57
|
Core
|
Gecko Profiler
|
jseward
|
RESO
|
FIXE
|
2018-08-15
|
| 1788368
|
|
src/dom/file/ipc/RemoteLazyInputStreamChild.cpp:32:41: runtime error: member call on null pointer of type 'mozilla::RemoteLazyInputStreamThread'
|
Core
|
DOM: File
|
jstutte
|
RESO
|
FIXE
|
2022-09-04
|
| 1413750
|
|
UBSan: shift exponent is too large [@ mp4_demuxer::BitReader::ReadBits]
|
Core
|
Audio/Video: Playbac
|
jya-moz
|
RESO
|
FIXE
|
2022-01-10
|
| 1413618
|
|
UBSan: layout/base/nsLayoutUtils.cpp:1134:50: runtime error: division by zero [@ GetDisplayPortFromMarginsData]
|
Core
|
Layout
|
kats
|
RESO
|
FIXE
|
2018-01-09
|
| 1419250
|
|
UBSan: division by zero in [@ nsSVGLength2::GetUnitScaleFactor]
|
Core
|
SVG
|
longsonr
|
RESO
|
FIXE
|
2017-12-31
|
| 1420492
|
|
UBSan: division by zero in [@ nsSVGArcConverter::nsSVGArcConverter]
|
Core
|
SVG
|
longsonr
|
RESO
|
FIXE
|
2017-12-11
|
| 1584008
|
|
member access within address <addr> with insufficient space for an object of type 'tt_cmap_t' in src/gfx/cairo/cairo/src/cairo-truetype-subset.c:1293
|
Core
|
Graphics
|
lsalzman
|
RESO
|
FIXE
|
2019-10-02
|
| 1584639
|
|
undefined shift in src/gfx/cairo/cairo/src/cairoint.h:222
|
Core
|
Graphics
|
lsalzman
|
RESO
|
FIXE
|
2019-11-25
|
| 1585845
|
|
member access within address <addr> with insufficient space for an object of type 'tt_segment_map_t' in gfx/cairo/cairo/src/cairo-truetype-subset.c:1194
|
Core
|
Graphics
|
lsalzman
|
RESO
|
FIXE
|
2019-10-04
|
| 1746913
|
|
src/gl.cc:202:17: runtime error: 2.51151e+09 is outside the range of representable values of type 'int'
|
Core
|
Graphics: WebRender
|
lsalzman
|
RESO
|
FIXE
|
2022-06-09
|
| 1752456
|
|
Rect.h:272:61: runtime error: inf is outside the range of representable values of type 'int'
|
Core
|
Graphics: Canvas2D
|
lsalzman
|
RESO
|
FIXE
|
2022-03-05
|
| 1752457
|
|
FilterNodeSoftware.cpp:3722:16: runtime error: -nan is outside the range of representable values of type 'unsigned short'
|
Core
|
Graphics
|
lsalzman
|
RESO
|
FIXE
|
2022-03-03
|
| 1772643
|
|
src/swgl_ext.h:692:27: runtime error: -4.2924e+09 is outside the range of representable values of type 'int'
|
Core
|
Graphics: WebRender
|
lsalzman
|
RESO
|
FIXE
|
2022-06-11
|
| 1751107
|
|
src/dom/svg/SVGSVGElement.cpp:203:38: runtime error: 1.84467e+22 is outside the range of representable values of type 'long'
|
Core
|
SVG
|
mathew.hodson
|
RESO
|
FIXE
|
2022-08-10
|
| 1751828
|
|
nsCoord.h:303:62: runtime error: 7.40593e+09 is outside the range of representable values of type 'int'
|
Core
|
Layout: Text and Fon
|
mathew.hodson
|
RESO
|
FIXE
|
2023-09-16
|
| 1772652
|
|
dist/include/nsCoord.h:105:18: runtime error: -nan is outside the range of representable values of type 'int'
|
Core
|
Layout: Tables
|
mathew.hodson
|
RESO
|
FIXE
|
2023-10-15
|
| 1414046
|
|
UBSan: null pointer passed as argument declared to never be null [@ mozilla::net::CacheFileMetadata::WriteMetadata]
|
Core
|
Networking: Cache
|
michal.novotny
|
RESO
|
FIXE
|
2017-11-04
|
| 1418028
|
|
UBSan: null pointer passed as argument declared to never be null [@ mozilla::net::CacheFileMetadata::WriteMetadata]
|
Core
|
Networking: Cache
|
michal.novotny
|
RESO
|
FIXE
|
2018-01-19
|
| 1419508
|
|
UBSan: division by zero in [@ mozilla::ContainerState::CreateMaskLayer]
|
Core
|
Web Painting
|
mozbugz
|
RESO
|
FIXE
|
2018-02-13
|
| 1772639
|
|
src/gfx/layers/wr/WebRenderCommandBuilder.cpp:62:42: runtime error: -3.234e+20 is outside the range of representable values of type 'long'
|
Core
|
Graphics: WebRender
|
nical.bugzilla
|
RESO
|
FIXE
|
2022-06-13
|
| 1772655
|
|
src/gl.cc:2841:17: runtime error: call to function mozilla::wr::WebRenderMallocSizeOf(void const*) through pointer to incorrect function type 'unsigned long (*)(void *)'
|
Core
|
Graphics: WebRender
|
nical.bugzilla
|
RESO
|
FIXE
|
2022-06-10
|
| 1782124
|
|
src/js/src/jit/x86-shared/Assembler-x86-shared.h:4795:5: runtime error: store to misaligned address 0x3a4d55f6288d for type 'int32_t' (aka 'int'), which requires 4 byte alignment
|
Core
|
JavaScript Engine: J
|
nicolas.b.pierron
|
RESO
|
FIXE
|
2022-08-03
|
| 1302186
|
|
AddressSanitizer: memcpy-param-overlap: memory ranges overlap in [@ S32_Opaque_BlitRow32]
|
Core
|
Graphics
|
nobody
|
RESO
|
WORK
|
2017-08-07
|
| 1378971
|
|
Nascent undefined behavior in FromJSON_str_t()
|
Core Graveyard
|
Plug-ins
|
nobody
|
RESO
|
WONT
|
2023-12-26
|
| 1419239
|
|
UBSan: division by zero [@ mozilla::gfx::FindBezierNearestPoint]
|
Core
|
Graphics
|
nobody
|
RESO
|
WORK
|
2021-05-16
|
| 1419522
|
|
UBSan: division by zero in [@ nsIFrame::ComputeBorderRadii]
|
Core
|
Layout
|
nobody
|
RESO
|
DUPL
|
2019-12-23
|
| 1436775
|
|
Graphite2: UBSan: addition of unsigned offset overflowed /gfx/graphite2/src/inc/Code.h:165
|
Core
|
Graphics: Text
|
nobody
|
RESO
|
FIXE
|
2018-03-26
|
| 1438948
|
|
UBSan: pointer index expression overflowed /layout/generic/nsTextFrame.cpp:882
|
Core
|
Layout: Text and Fon
|
nobody
|
RESO
|
DUPL
|
2019-10-23
|
| 1443893
|
|
UBSan: division by zero in [@ nsCSSRendering::ComputeRoundedSize]
|
Core
|
Web Painting
|
nobody
|
RESO
|
WORK
|
2019-12-23
|
| 1468125
|
|
UBSan: signed integer overflow in [@ mozilla::FrameLayerBuilder::PaintItems]
|
Core
|
Web Painting
|
nobody
|
RESO
|
FIXE
|
2022-04-09
|
| 1468134
|
|
Graphite2: UBSan: addition of unsigned offset overflowed in [@ graphite2::TtfUtil::GlyfLookup]
|
Core
|
Graphics: Text
|
nobody
|
RESO
|
DUPL
|
2018-08-31
|
| 1534709
|
|
UBSan: shift exponent is too large for type in [@ mozilla::BitReader::ReadBits]
|
Core
|
Audio/Video: Playbac
|
nobody
|
RESO
|
DUPL
|
2019-10-17
|
| 1584643
|
|
addition of unsigned offset overflowed in src/media/webrtc/trunk/webrtc/common_audio/signal_processing/filter_ma_fast_q12.c:40
|
Core
|
WebRTC: Audio/Video
|
nobody
|
RESO
|
DUPL
|
2019-10-10
|
| 1584660
|
|
addition of unsigned offset overflowed in media/webrtc/trunk/webrtc/common_audio/signal_processing/filter_ar_fast_q12.c
|
Core
|
WebRTC: Audio/Video
|
nobody
|
RESO
|
DUPL
|
2019-10-10
|
| 1620671
|
|
-nan is outside the range of representable values of type 'int' in src/layout/generic/nsFloatManager.cpp:2813
|
Core
|
Layout: Floats
|
nobody
|
RESO
|
DUPL
|
2022-06-25
|
| 1746936
|
|
src/swgl_ext.h:424:28: runtime error: 4.67076e+09 is outside the range of representable values of type 'int'
|
Core
|
Graphics: WebRender
|
nobody
|
RESO
|
WORK
|
2022-03-08
|
| 1746957
|
|
src/swgl_ext.h:537:16: runtime error: -nan is outside the range of representable values of type 'int'
|
Core
|
Graphics: WebRender
|
nobody
|
RESO
|
DUPL
|
2022-01-27
|
| 1747330
|
|
src/dom/base/CCGCScheduler.cpp:327:18: runtime error: -3.31129 is outside the range of representable values of type 'unsigned int'
|
Core
|
DOM: Core & HTML
|
smaug
|
RESO
|
FIXE
|
2022-01-12
|
| 1778014
|
|
gecko/dom/base/CCGCScheduler.cpp:276:16: runtime error: -384.001 is outside the range of representable values of type 'unsigned int'
|
Core
|
JavaScript: GC
|
sphink
|
RESO
|
FIXE
|
2022-08-09
|
| 1438251
|
|
UBSan: downcast of address which does not point to an object of type 'js::jit::MInstruction' in /js/src/jit/InlineList.h:423
|
Core
|
JavaScript Engine: J
|
sunfish
|
RESO
|
FIXE
|
2018-02-16
|
| 1491742
|
|
UBSan: load of value which is not a valid value for type 'bool' in src/accessible/generic/ImageAccessible.cpp:66
|
Core
|
Disability Access AP
|
surkov.alexander
|
RESO
|
FIXE
|
2018-09-21
|
| 1747458
|
|
src/dom/base/nsJSEnvironment.cpp:1193:18: runtime error: -256.159 is outside the range of representable values of type 'unsigned int'
|
Core
|
DOM: Core & HTML
|
continuation
|
RESO
|
FIXE
|
2022-01-19
|
| 1412989
|
|
UBSan: runtime error: index 94 out of bounds for type 'UDataOffsetTOCEntry const[2]' [@ offsetTOCLookupFn]
|
Core
|
JavaScript: Internat
|
nobody
|
RESO
|
WONT
|
2017-11-01
|
| 1478523
|
|
UBSan: load of value 128, which is not a valid value for type 'GtkStateFlags' in [@ GetStyleContext]
|
Core
|
Widget: Gtk
|
nobody
|
RESO
|
DUPL
|
2020-02-28
|
| 1868901
|
|
Undefined behavior in ShutdownObserver()
|
Core
|
Graphics
|
aosmond
|
RESO
|
FIXE
|
2024-05-30
|
| 1848203
|
|
gecko/js/src/vm/JSONParser.cpp:893:51: runtime error: reference binding to address 0xcb00caf6 with insufficient space for an object
|
Core
|
JavaScript Engine
|
arai.unmht
|
RESO
|
FIXE
|
2023-08-11
|
| 1850072
|
|
UndefinedBehaviorSanitizer:: load of value 120, which is not a valid value for type 'bool'
|
Core
|
Graphics
|
bobowencode
|
RESO
|
FIXE
|
2024-04-28
|
| 1750668
|
|
src/dom/animation/AnimationEffect.cpp:195:35: runtime error: -inf is outside the range of representable values of type 'unsigned long'
|
Core
|
DOM: Animation
|
boris.chiou
|
RESO
|
FIXE
|
2022-03-03
|
| 1772646
|
|
gfx/layers/apz/test/gtest/APZTestCommon.h:54:10: runtime error: -172.371 is outside the range of representable values of type 'unsigned int'
|
Core
|
Panning and Zooming
|
botond
|
RESO
|
FIXE
|
2022-06-20
|
| 1468144
|
|
UBSan: signed integer overflow in [@ nsFloatManager::ShapeInfo::XInterceptAtY]
|
Core
|
Layout: Floats
|
bwerth
|
RESO
|
WONT
|
2018-10-19
|
| 1599569
|
|
member call on null pointer of type 'nsScriptSecurityManager' in js/xpconnect/src/XPCJSRuntime.cpp:1124
|
Core
|
Security: CAPS
|
continuation
|
RESO
|
FIXE
|
2022-01-10
|
| 1751102
|
|
xpcom/ds/nsVariant.cpp:518:1: runtime error: nan is outside the range of representable values of type 'unsigned int'
|
Core
|
XPCOM
|
continuation
|
RESO
|
FIXE
|
2022-02-03
|
| 1811327
|
|
cfi-derived-cast: Invalid downcast in ExecutionRunnable::RunOnWorkletThread
|
Core
|
Audio/Video
|
continuation
|
RESO
|
FIXE
|
2024-06-02
|
| 1868673
|
|
undefined behavior with gNeuteredWindows delete in MessageChannel::SyncStackFrame()
|
Core
|
IPC
|
continuation
|
RESO
|
FIXE
|
2024-05-30
|
| 1782141
|
|
src/mfbt/SIMD.cpp:26:10: runtime error: load of misaligned address 0x30c3486c1d29 for type 'const unsigned short', which requires 2 byte alignment
|
Core
|
JavaScript Engine
|
dothayer
|
RESO
|
FIXE
|
2022-08-02
|
| 1772649
|
|
dom/base/Document.cpp:2075:11: runtime error: -231.485 is outside the range of representable values of type 'unsigned int'
|
Core
|
DOM: Core & HTML
|
dpalmeiro
|
RESO
|
FIXE
|
2022-06-10
|
| 1391787
|
|
stylo: various crashes in gtk3 [@ _gtk_css_value_compute]
|
Core
|
CSS Parsing and Comp
|
emilio
|
RESO
|
FIXE
|
2018-02-01
|
| 1452202
|
|
Undefined behavior in PLDHashTable::operator=()
|
Core
|
XPCOM
|
ericrahm+bz
|
RESO
|
FIXE
|
2024-05-30
|
| 1418021
|
|
UBSan: null pointer passed as argument 2, which is declared to never be null [@ ssl3_HandleServerHello]
|
NSS
|
Libraries
|
franziskuskiefer
|
RESO
|
FIXE
|
2023-01-24
|
| 1746989
|
|
nsCoord.h:130:18: runtime error: -3.41666e+09 is outside the range of representable values of type 'int'
|
Core
|
DOM: Selection
|
hikezoe.birchill
|
RESO
|
FIXE
|
2022-09-12
|
| 1751110
|
|
src/layout/base/nsLayoutUtils.cpp:9226:17: runtime error: -nan is outside the range of representable values of type 'int'
|
Core
|
Layout
|
hikezoe.birchill
|
RESO
|
FIXE
|
2022-03-03
|
| 1586165
|
|
member call on null pointer of type 'js::jit::IonScriptCounts' in js/src/vm/JSScript.cpp:1504
|
Core
|
JavaScript Engine
|
jdemooij
|
RESO
|
FIXE
|
2019-10-04
|
| 1419274
|
|
UBSan: division by zero in [@ nsFontMetrics::GetMaxStringLength]
|
Core
|
Graphics: Text
|
jfkthame
|
RESO
|
FIXE
|
2018-09-22
|
| 1442830
|
|
UBSan: member call on address which does not point to an object of type 'gr_font'
|
Core
|
Graphics: Text
|
jfkthame
|
RESO
|
FIXE
|
2018-03-31
|
| 1460764
|
|
UBSan: -1 is outside the range of representable values of type 'unsigned int' mozilla-central/objdir-ff-ubsan/dist/include/mozilla/HashFunctions.h:161
|
Core
|
Graphics
|
jfkthame
|
RESO
|
FIXE
|
2018-06-20
|
| 1577669
|
|
left shift of 255 by 24 places cannot be represented in type 'int'
|
Core
|
Graphics
|
jfkthame
|
RESO
|
FIXE
|
2019-09-02
|
| 1580352
|
|
left shift of negative value -1 in [@ compute_transformed_extents]
|
Core
|
Graphics
|
jfkthame
|
RESO
|
FIXE
|
2019-09-11
|
| 1751103
|
|
src/layout/generic/nsTextFrame.cpp:8678:37: runtime error: -nan is outside the range of representable values of type 'int'
|
Core
|
Layout: Text and Fon
|
jfkthame
|
RESO
|
FIXE
|
2022-01-20
|
| 1801248
|
|
gecko/gfx/thebes/gfxTextRun.cpp:410:31: runtime error: pointer index expression overflowed [@ gfxTextRun::GetAdjustedSpacingArray]
|
Core
|
Graphics: Text
|
jfkthame
|
RESO
|
FIXE
|
2023-02-15
|
| 1884735
|
|
Assertion failure: isSome(), at /builds/worker/workspace/obj-build/dist/include/mozilla/Maybe.h:831
|
Core
|
DOM: Selection
|
jjaschke
|
RESO
|
FIXE
|
2024-03-19
|
| 1568047
|
|
IPC “bulk reading” a bool can cause undefined behavior
|
Core
|
IPC
|
jld
|
RESO
|
FIXE
|
2022-01-10
|
| 744965
|
|
mozilla::NumberEqualsInt32 shouldn't rely on undefined behavior
|
Core
|
MFBT
|
jwalden
|
RESO
|
FIXE
|
2018-02-22
|
| 1431874
|
|
UBSan: addition of unsigned offset to pointer overflowed in js/src/ctypes/CTypes.cpp:3211
|
Core
|
JavaScript Engine
|
jwalden
|
RESO
|
FIXE
|
2018-06-17
|
| 1432646
|
|
UBSan: signed integer overflow in [@ ToIntWidth]
|
Core
|
JavaScript Engine
|
jwalden
|
RESO
|
FIXE
|
2018-12-17
|
| 1438212
|
|
UBSan: value is outside the range of representable values of type 'float'
|
Core
|
MFBT
|
jwalden
|
RESO
|
FIXE
|
2018-06-08
|
| 1583291
|
|
invalid shift in js/src/vm/Interpreter-inl.h:919:30
|
Core
|
JavaScript Engine
|
jwalden
|
RESO
|
FIXE
|
2019-09-23
|
| 1584601
|
|
addition of unsigned offset overflowed in js/src/ctypes/CTypes.cpp:5159
|
Core
|
js-ctypes
|
jwalden
|
RESO
|
FIXE
|
2019-10-14
|
| 1594942
|
|
null pointer passed as argument 2, which is declared to never be null in include/nsTArray.h:586
|
Core
|
XPCOM
|
jwalden
|
RESO
|
FIXE
|
2020-05-22
|
| 1533127
|
|
UBSan: signed integer overflow in [@ mozilla::BitReader::ReadUE]
|
Core
|
Audio/Video: Playbac
|
jya-moz
|
RESO
|
FIXE
|
2019-03-08
|
| 1248153
|
|
Differential Testing: Different output message involving typed arrays
|
Core
|
JavaScript Engine: J
|
lhansen
|
RESO
|
FIXE
|
2017-01-05
|
| 1811464
|
|
cfi-derived-cast: Invalid downcast in SVGUtils::SetupStrokeGeometry
|
Core
|
SVG
|
longsonr
|
RESO
|
FIXE
|
2024-05-30
|
| 1749225
|
|
src/program.h:72:5: runtime error: call to function cs_clip_rectangle_vert::set_uniform_1i(cs_clip_rectangle_vert*, int, int) through pointer to incorrect function type 'void (*)(glsl::VertexShaderImpl *, int, int)'
|
Core
|
Graphics: WebRender
|
lsalzman
|
RESO
|
FIXE
|
2022-01-23
|
| 1807988
|
|
src/rasterize.h:1053:12: runtime error: applying non-zero offset 14336 to null pointer
|
Core
|
Graphics: WebRender
|
lsalzman
|
RESO
|
FIXE
|
2023-01-18
|
| 1820903
|
|
src/gl.cc:562:16: runtime error: pointer index expression with base 0x92cfa800 overflowed to 0x51606d58
|
Core
|
Graphics: WebRender
|
lsalzman
|
RESO
|
FIXE
|
2023-10-17
|
| 1666607
|
|
load of value 3840206052, which is not a valid value for type 'VideoInfo::Rotation' in gfx/layers/wr/AsyncImagePipelineManager.h:187
|
Core
|
Graphics: WebRender
|
matt.woodrow
|
RESO
|
FIXE
|
2021-11-22
|
| 1836883
|
|
[rust 1.70] Perma SUMMARY: ThreadSanitizer: heap-use-after-free /builds/worker/fetches/rustc/lib/rustlib/src/rust/library/core/src/ptr/mod.rs:1386:9 in core::ptr::write::hef20bad9c2fce732
|
Core
|
Internationalization
|
mh+mozilla
|
RESO
|
FIXE
|
2023-10-17
|
| 1490828
|
|
UBSan: load of value 228, which is not a valid value for type 'bool' in /builds/worker/workspace/build/src/docshell/shistory/nsSHEntry.cpp:1011:15
|
Firefox
|
Session Restore
|
n.nethercote
|
RESO
|
FIXE
|
2018-09-13
|
| 1587176
|
|
call to function mozilla::pref_CompareFileNames(nsIFile*, nsIFile*, void*) through pointer to incorrect function type in xpcom/ds/nsCOMArray.cpp:103
|
Core
|
XPCOM
|
n.nethercote
|
RESO
|
FIXE
|
2019-11-25
|
| 1217609
|
|
Multiple invalid left shifts in libexpat
|
Core
|
XML
|
nobody
|
RESO
|
DUPL
|
2023-05-22
|
| 1414898
|
|
UBSan: shift exponent is too large [@ mozilla::image::nsGIFDecoder2::ReadImageDataBlock]
|
Core
|
Graphics: ImageLib
|
nobody
|
RESO
|
DUPL
|
2017-11-06
|
| 1437732
|
|
UBSan: divide-by-zero in [@ mozilla::layers::AnimationHelper::SampleAnimationForEachNode]
|
Core
|
Graphics: Layers
|
nobody
|
RESO
|
WORK
|
2018-05-10
|
| 1439802
|
|
UBSan divide by zero in [@ nsDisplayTransform::UntransformRect]
|
Core
|
Web Painting
|
nobody
|
RESO
|
WORK
|
2019-12-23
|
| 1440522
|
|
UBSan: downcast of address which does not point to an object of type 'mozilla::layers::PaintedLayer'
|
Core
|
Web Painting
|
nobody
|
RESO
|
WORK
|
2019-07-11
|
| 1442831
|
|
UBSan: member call on address which does not point to an object of type 'gr_face'
|
Core
|
Graphics: Text
|
nobody
|
RESO
|
FIXE
|
2018-03-31
|
| 1479831
|
|
OpenH264: shift exponent is negative in codec/decoder/core/src/cabac_decoder.cpp
|
Core
|
Audio/Video: GMP
|
nobody
|
RESO
|
FIXE
|
2022-09-09
|
| 1587146
|
|
call to function XRE_GetBootstrap through pointer to incorrect function type in src/xpcom/glue/standalone/nsXPCOMGlue.cpp:389
|
Core
|
XPCOM
|
nobody
|
RESO
|
WORK
|
2022-05-24
|
| 1588940
|
|
undefined shift in src/intl/icu/source/common/ubidiln.cpp:398
|
Core
|
JavaScript: Internat
|
nobody
|
RESO
|
DUPL
|
2019-10-24
|
| 1746939
|
|
src/swgl_ext.h:537:16: runtime error: -nan is outside the range of representable values of type 'int'
|
Core
|
Graphics: WebRender
|
nobody
|
RESO
|
DUPL
|
2022-01-27
|
| 1749226
|
|
src/program.h:80:5: runtime error: call to function cs_clip_rectangle_vert::set_uniform_matrix4fv(cs_clip_rectangle_vert*, int, float const*) through pointer to incorrect function type 'void (*)(glsl::VertexShaderImpl *, int, const float *)'
|
Core
|
Graphics: WebRender
|
nobody
|
RESO
|
DUPL
|
2022-01-21
|
| 1749227
|
|
src/program.h:83:23: runtime error: call to function cs_clip_rectangle_vert::init_batch(cs_clip_rectangle_vert*) through pointer to incorrect function type 'void (*)(glsl::VertexShaderImpl *)'
|
Core
|
Graphics: WebRender
|
nobody
|
RESO
|
DUPL
|
2022-01-21
|
| 1749228
|
|
src/program.h:87:5: runtime error: call to function cs_clip_rectangle_vert::load_attribs(cs_clip_rectangle_vert*, VertexAttrib*, unsigned int, int, int) through pointer to incorrect function type 'void (*)(glsl::VertexShaderImpl *, VertexAttrib *, unsigne
|
Core
|
Graphics: WebRender
|
nobody
|
RESO
|
DUPL
|
2022-01-21
|
| 1749229
|
|
src/program.h:91:5: runtime error: call to function cs_clip_rectangle_vert::run(cs_clip_rectangle_vert*, char*, unsigned long) through pointer to incorrect function type 'void (*)(glsl::VertexShaderImpl *, char *, unsigned long)'
|
Core
|
Graphics: WebRender
|
nobody
|
RESO
|
DUPL
|
2022-01-21
|
| 1758825
|
|
src/swgl_ext.h:537:16: runtime error: -nan is outside the range of representable values of type 'int'
|
Core
|
Graphics: WebRender
|
nobody
|
RESO
|
DUPL
|
2022-03-10
|
| 1822103
|
|
gecko/dom/media/platforms/ffmpeg/FFmpegVideoDecoder.cpp:1125:19: runtime error: load of value 70, which is not a valid value for type 'enum AVColorSpace'
|
Core
|
Audio/Video: Playbac
|
nobody
|
RESO
|
WONT
|
2023-05-03
|
| 1453653
|
|
Cherry-pick an upstream FreeType integer overflow fix
|
Core
|
Graphics: Text
|
ryanvm
|
RESO
|
FIXE
|
2018-08-28
|
| 1751818
|
|
src/obj-build/dist/include/mozilla/rlbox/rlbox_sandbox.hpp:280:26: runtime error: call to function gfxFontEntry::GrGetTable through pointer to incorrect function type
|
Core
|
Layout: Text and Fon
|
shravanrn
|
RESO
|
FIXE
|
2022-11-22
|
| 1441404
|
|
UBSan: null pointer passed as argument 2, which is declared to never be null [@ nsTextFragment::Append]
|
Core
|
DOM: Core & HTML
|
smaug
|
RESO
|
FIXE
|
2019-03-13
|
| 1467920
|
|
UBSan: -93.2743 is outside the range of representable values of type 'unsigned int' [@ FireForgetSkippable]
|
Core
|
DOM: Core & HTML
|
smaug
|
RESO
|
FIXE
|
2022-01-18
|
| 1811331
|
|
cfi-derived-cast: Invalid downcast in GetTableSelectionMode
|
Core
|
DOM: Selection
|
smaug
|
RESO
|
FIXE
|
2024-06-02
|
| 1351553
|
|
Divide by zero in [@ mozilla::MediaDecoder::ComputePlaybackRate]
|
Core
|
Audio/Video: Playbac
|
suro001
|
RESO
|
FIXE
|
2017-03-30
|
| 1432678
|
|
UBSan: signed integer overflow in [@ mozilla::image::DecodedSurfaceProvider::LogicalSizeInBytes]
|
Core
|
Graphics: ImageLib
|
tnikkel
|
RESO
|
FIXE
|
2018-02-08
|
| 1432679
|
|
UBSan: signed integer overflow in [@ mozilla::image::nsGIFDecoder2::FinishImageDescriptor]
|
Core
|
Graphics: ImageLib
|
tnikkel
|
RESO
|
FIXE
|
2018-02-08
|
| 1747277
|
|
src/layout/base/nsRefreshDriver.cpp:2439:40: runtime error: -2254.08 is outside the range of representable values of type 'unsigned int'
|
Core
|
Graphics: ImageLib
|
tnikkel
|
RESO
|
FIXE
|
2022-08-31
|
| 1751823
|
|
gecko/mozglue/tests/gtest/TestStackWalk.cpp:138:5: runtime error: call to function StackWalkTester::LeafCallback(int, int, int, StackWalkTester&) through pointer to incorrect function type 'int (*)(int, int, int, StackWalkTester &)'
|
Core
|
mozglue
|
twsmith
|
RESO
|
FIXE
|
2023-03-13
|
| 1798782
|
|
UndefinedBehaviorSanitizer: gecko/dom/media/platforms/ffmpeg/FFmpegVideoDecoder.cpp:995:19: runtime error: load of value 191, which is not a valid value for type 'enum AVColorSpace'
|
Core
|
Audio/Video: Playbac
|
Zaggy1024
|
RESO
|
FIXE
|
2022-11-23
|
| 1587162
|
|
call to function DnsPrefChanged(char const*, nsHostResolver*) through pointer to incorrect function type in modules/libpref/Preferences.cpp:5040
|
Core
|
Preferences: Backend
|
n.nethercote
|
VERI
|
FIXE
|
2019-11-06
|
| 1451908
|
|
undefined behavior results in negative allocation size
|
Core
|
XSLT
|
ericrahm+bz
|
VERI
|
FIXE
|
2024-05-30
|
| 1292443
|
|
Heap-buffer-overflow WRITE in rasterize_edges_1
|
Core
|
Graphics
|
jmuizelaar
|
VERI
|
FIXE
|
2024-05-30
|
| 1830206
|
|
Assertion failure: StorageCapacity() < std::numeric_limits<int>::max() / 2 (buffer too large for the type of index used.), at /builds/worker/workspace/obj-build/dist/include/mozilla/SPSCQueue.h:111
|
Core
|
Audio/Video: Playbac
|
padenot
|
VERI
|
FIXE
|
2023-12-06
|