1613229 | Conditional jump or move depends on uninitialised value [@ style::properties::shorthands::font_variant::parse_value] | Core | CSS Parsing and Comp | nobody | NEW | --- | 2022-10-11
1536537 | Conditional jump or move depends on uninitialized values in [@ mozilla::FramePointerStackWalk] | Core | Gecko Profiler | nobody | NEW | --- | 2022-10-11
1536243 | Conditional jump or move depends on uninitialized values created by mozilla::FFmpegDataDecoder<57>::InitDecoder | Core | Audio/Video: Playbac | nobody | NEW | --- | 2024-07-02
1538577 | Conditional jump or move depends on uninitialised value(s) [@ mozilla::dom::HTMLInputElement::ParseTime] | Core | DOM: Core & HTML | nobody | NEW | --- | 2022-10-11
1156027 | Read of uninitialized value in unknown_toUtf8 found by clang-analyzer | Core | XML | nobody | NEW | --- | 2022-10-11
1349421 | Integer overflow in dom/media/encoder/OpusTrackEncoder.cpp, potentially leading to disclosure of uninitialized memory | Core | Audio/Video: Recordi | brycebugemail | RESO | FIXE | 2017-10-27
1663861 | Crash [@ RustMozCrash] through [@ cranelift_codegen::machinst::compile::compile] | Core | JavaScript: WebAssem | bugzilla | RESO | FIXE | 2021-04-04
1411631 | PluginModuleChromeParent::AnswerGetFileName - Grant Arbitrary File Read Access. | Core Graveyard | Plug-ins | davidp99 | RESO | FIXE | 2022-05-16
1767590 | Uninitialized variable leads to invalid/arbitrary memory read in S/MIME decryption | NSS | Libraries | djackson | RESO | FIXE | 2024-05-30
1577719 | stack-buffer-overflow in nr_reg_register_callback | Core | WebRTC: Networking | docfaraday | RESO | FIXE | 2024-05-30
1549768 | ReadableStreamTee_Cancel calls NativeObject::setDenseInitializedLength followed by GC-able code without full dense array initialisation | Core | JavaScript Engine | jorendorff | RESO | FIXE | 2020-06-05
1679003 | Uninitialised memory read with BigInt right-shift | Core | JavaScript Engine | jorendorff | RESO | FIXE | 2021-06-11
1864123 | EncryptingOutputStream can write random contents of memory to its base stream | Core | Storage: Quota Manag | jvarga | RESO | FIXE | 2024-04-28
1451248 | Value default initialization broken by bug 1449051 | Core | JavaScript Engine | jwalden | RESO | FIXE | 2018-05-09
1606148 | addition of unsigned offset to 0xe4e4e4e4e4e4e4e4 overflowed to 0x8181818181818164 in [@ mozilla::dom::PrepareBufferArrays] | Core | Web Audio | karlt | RESO | FIXE | 2020-06-05
1640260 | Uninitialized/allocated pointer in NSC_GenerateKey could be freed, leading to buffer overflow | NSS | Libraries | kjacobs.bugzilla | RESO | FIXE | 2020-12-18
1411415 | Initialize Values to undefined by default | Core | JavaScript Engine | kvijayan | RESO | FIXE | 2018-08-28
1225290 | FFMPEG: use-of-uninitialized-value in [@av_log_default_callback] | Core | Audio/Video: Playbac | nobody | RESO | INVA | 2015-12-16
1225306 | FFMPEG: use-of-uninitialized-value in [@avcodec_string] | Core | Audio/Video: Playbac | nobody | RESO | INVA | 2015-12-16
1225318 | FFMPEG: use-of-uninitialized-value in [@av_bswap32] | Core | Audio/Video: Playbac | nobody | RESO | INVA | 2015-11-18
1225653 | FFMPEG: use-of-uninitialized-value in [@av_clip_uintp2_c] | Core | Audio/Video: Playbac | nobody | RESO | FIXE | 2015-12-14
1351196 | Use of uninitialized memory in libavcodec-ffmpeg | Core | Audio/Video: Playbac | nobody | RESO | INVA | 2020-01-09
1333752 | Incorrect size for memset in VCMRttFilter::Reset() and libvpx | Core | WebRTC: Audio/Video | rjesup | RESO | FIXE | 2018-08-24
1541580 | OOM during ProxyObject create leaves partially initialized object in GC | Core | JavaScript Engine | tcampbell | RESO | FIXE | 2022-01-07
1412646 | [Static Analysis] Uninitialized fields in some classes of security/manager | Core | Security: PSM | tristanbourvon | RESO | FIXE | 2018-11-05
1192020 | MSan: use-of-uninitialized-value in nssutil_DupnCat() | NSS | Libraries | wtc | RESO | FIXE | 2016-07-02
1538580 | Conditional jump or move depends on uninitialized values in [@ mp4parse::read_stsd] | Core | Audio/Video: Playbac | brycebugemail | RESO | FIXE | 2020-01-02
1580320 | Possible use of uninitialized memory in PeerConnectionImpl::GetFingerprint | Core | WebRTC: Signaling | choller | RESO | FIXE | 2022-01-10
1349816 | valgrind reports use of uninitialized memory [@ nsSliderFrame::CurrentPositionChanged] | Core | Panning and Zooming | dholbert | RESO | FIXE | 2017-03-27
1839829 | Crash in [@ libpipewire-0.3.so.0@0x85a8b] (from VideoCaptureModulePipeWire::StopCapture()) | Core | WebRTC: Audio/Video | jgrulich | RESO | FIXE | 2024-01-03
1269776 | nestegg: use-of-uninitialized-value in [@ne_find_cue_point_for_tstamp] | Core | Audio/Video: Playbac | kinetik | RESO | FIXE | 2016-05-19
1419609 | UBSan: load of value which is not a valid value for type 'bool' [@ nsDisplayListBuilder::WrapAGRForFrame] | Core | Web Painting | matt.woodrow | RESO | FIXE | 2017-12-15
1575584 | load of value, which is not a valid value for type 'bool' in /src/editor/libeditor/TextEditor.cpp:1889 | Core | DOM: Editor | mbrodesser | RESO | FIXE | 2019-08-23
1602333 | load of value 228, which is not a valid value for type 'bool' in src/dom/fetch/InternalRequest.cpp:161 | Core | DOM: Networking | me | RESO | FIXE | 2020-01-23
1536340 | Conditional jump or move depends on uninitialized values created by [@ mozilla::Box::Box] | Core | Audio/Video: Playbac | nobody | RESO | FIXE | 2020-05-19
1536708 | Conditional jump or move depends on uninitialized values in [@ mp4parse::read_sinf] | Core | Audio/Video: Playbac | nobody | RESO | FIXE | 2020-01-02
1815987 | Logic errors cause potential use of uninitialized data in nsDataObj::CStream::OnDataAvailable() | Core | Widget: Win32 | rkraesig | RESO | FIXE | 2024-05-30
1174781 | PR_GetInheritedFD can use uninitialized variables | NSPR | NSPR | wtc | RESO | FIXE | 2015-12-08
1613195 | Valgrind: Syscall param sendmsg(msg.msg_iov[1]) points to uninitialised byte(s) | Core | Panning and Zooming | botond | RESO | FIXE | 2020-06-05
1770006 | heap-use-after-free in [@ gfxFontGroup::FindFontForChar] | Core | Graphics: Text | jfkthame | RESO | FIXE | 2023-01-16
1466449 | Update HTML parser Tokenizer.java and StackNode.java for bug 1453795 | Core | DOM: HTML Parser | jonathan | RESO | FIXE | 2019-01-17
1771495 | Uninitialized value in HASH_GetHashTypeByOidTag (sechash.c:182) | NSS | Tools | jschanck | RESO | FIXE | 2022-06-06
1771497 | Uninitialized value in cert_VerifyCertChainOld | NSS | Tools | jschanck | RESO | FIXE | 2022-06-06
1771498 | Uninitialized value in cert_ComputeCertType | NSS | Tools | jschanck | RESO | FIXE | 2023-01-16
1613009 | Valgrind: Syscall param sendmsg(msg.msg_iov[0]) points to uninitialised byte(s) | Core | Graphics: Layers | kats | RESO | FIXE | 2023-11-27
1620719 | Valgrind: Syscall param sendmsg(msg.msg_iov[1]) points to uninitialised byte(s) | Core | Panning and Zooming | kats | RESO | FIXE | 2023-11-27
1668589 | UndefinedBehaviorSanitizer: mozilla/Maybe.h:295:46: runtime error: load of value 95869805, which is not a valid value for type 'typename std::remove_reference<ABIFunctionType &>::type' | Core | JavaScript: WebAssem | lhansen | RESO | FIXE | 2021-11-22
1439435 | UBSan: load of value which is not a valid value for type 'bool' [@ mozInlineSpellChecker::DidSplitNode] | Core | Spelling checker | m_kato | RESO | FIXE | 2019-07-11
976838 | Deleting ProcessLink before ::Open may access uninitialized mTransport/mIOLoop | Core | IPC | nobody | RESO | FIXE | 2020-02-16
1251066 | [harfbuzz] Use of uninitialized memory in [@hb_ot_layout_feature_get_lookups] | Core | Graphics: Text | nobody | RESO | FIXE | 2020-02-16
1262905 | JPEG triggers multiple undefined memory usage reports [@ClampTo8] | Core | Graphics: ImageLib | nobody | RESO | WONT | 2023-12-10
1270288 | freetype2: use of uninitialised value in [@cf2_glyphpath_lineTo] | Core | Graphics: Text | nobody | RESO | FIXE | 2017-10-26
1354298 | Possible buffer overflow in nsPrefBranch::NotifyObserver | Core | Preferences: Backend | nobody | RESO | INCO | 2024-02-10
1526107 | OpenH264: use-of-uninitialized-value in [@ H264DecodeInstance] | Core | Audio/Video: GMP | nobody | RESO | FIXE | 2022-09-09
1538578 | Conditional jump or move depends on uninitialised value(s) [@ style::properties::ShorthandId::get_shorthand_appendable_value] | Core | CSS Parsing and Comp | nobody | RESO | FIXE | 2020-01-02
1566503 | use-of-uninitialized-value in [@qcms_transform_module_matrix] | Core | Graphics: Color Mana | nobody | RESO | DUPL | 2020-02-26
1412644 | [Static Analysis] Uninitialized fields in some classes of widget | Core | Widget | tristanbourvon | RESO | DUPL | 2023-01-16
1533842 | Intermittent netwerk/test/crashtests/675518.html (finished) \| application terminated with exit code 1 after UndefinedBehaviorSanitizer: undefined-behavior /builds/worker/workspace/build/src/dom/ipc/ContentParent.cpp:3356 | Core | DOM: Content Process | gsvelto | RESO | FIXE | 2020-06-05
798802 | mixing webgl and 2d context causes crashes | Core | Graphics: Canvas2D | ajones | RESO | FIXE | 2013-04-18
1313385 | WebSocketImpl::WebSocketImpl does not initialise mSecure | Core | DOM: Core & HTML | amarchesini | RESO | FIXE | 2019-03-13
1167320 | DataSourceSurfaceD2D1::Map using uninitialized memory | Core | Graphics | andrew | RESO | DUPL | 2024-05-30
1167356 | YCbCrImageDataDeserializer::ToDataSourceSurface using uninitialized memory | Core | Graphics: Layers | andrew | RESO | FIXE | 2024-05-30
1167393 | DataTextureSourceD3D11::Update using uninitialized memory | Core | Graphics: Layers | andrew | RESO | DUPL | 2024-05-30
1100325 | Uninitialised value use in mozilla::image::imgFrame::Optimize | Core | Graphics: ImageLib | aosmond | RESO | INCO | 2024-02-10
876762 | ABORT: bad scope for new JSObjects: 'js::IsObjectInContextCompartment(lccx.GetScopeForNewJSObjects(), cx)' under ReparentWrapper / document.open | Core | XPConnect | bholley | RESO | FIXE | 2014-11-19
1811852 | Firefox crashes on Windows when printing a page (sometimes) | Toolkit | Printing | bobowencode | RESO | FIXE | 2024-06-02
525063 | Analysis to produce an error on uninitialized class members | Developer Infrastruc | Source Code Analysis | bpostelnicu | RESO | FIXE | 2022-08-17
1453795 | uninitialized class members: Review of fixes by 525063 per module | Developer Infrastruc | Source Code Analysis | bpostelnicu | RESO | FIXE | 2022-08-17
867863 | Crash [@ mozilla::dom::ReportLenientThisUnwrappingFailure] after navigation to another origin | Core | DOM: Core & HTML | bzbarsky | RESO | FIXE | 2019-03-13
1534593 | Intermittent PROCESS-CRASH \| Main app process exited normally \| application crashed [@ js::TenuringTracer::traverse<JSObject>(JSObject**)] | Core | DOM: Bindings (WebID | bzbarsky | RESO | FIXE | 2020-06-04
1814790 | firefox-bin: /builds/worker/checkouts/gecko/third_party/dav1d/src/refmvs.c:182: union mv mv_projection(const union mv, const int, const int): Assertion `den > 0 && den < 32' failed. | Core | Graphics: ImageLib | cchang | RESO | FIXE | 2023-10-17
779669 | nsCanvasRenderingContext2DAzure::GetMozDash does not set the error result | Core | DOM: Core & HTML | continuation | RESO | FIXE | 2019-03-13
1025170 | Selection::Modify fails to return with unimplemented cases | Core | DOM: Selection | continuation | RESO | FIXE | 2018-07-06
1188234 | nsXULPrototypeElement::Deserialize doesn't bounds check when accessing aNodeInfos | Core | XUL | continuation | RESO | FIXE | 2015-08-13
949353 | dom/workers/WorkerPrivate.cpp: [-Wsometimes-uninitialized] variable 'preventDefaultCalled' is used uninitialized whenever 'if' condition is false | Core | DOM: Workers | cpeterson | RESO | FIXE | 2013-12-19
1272983 | Heap-buffer-overflow & crash in nsIFrame::GetUsedMargin (or in debug build: "Assertion failure: mMargin.ConvertsToLength(), at layout/style/nsStyleStruct.h:839") | Core | Layout | dholbert | RESO | FIXE | 2024-05-30
1358200 | Hide Tooltip with Stylish crashes Firefox | Core | XUL | dholbert | RESO | FIXE | 2017-10-24
1117617 | Uninitialized return value in nss_dbm_db_set_label() | NSS | Libraries | dkeeler | RESO | FIXE | 2015-03-16
1117621 | Uninitialized value used in nss_ckmk_CreateObject() | NSS | Libraries | dkeeler | RESO | FIXE | 2015-02-24
1619431 | Possible use of uninitialized memory in vp8_rd_pick_inter_mode | Core | Audio/Video | dminor | RESO | FIXE | 2024-05-30
1026774 | malloc of undefined size in stun_get_mib_addrs in rare cases | Core | WebRTC: Networking | docfaraday | RESO | FIXE | 2016-06-04
1109540 | Conditional jump or move depends on uninitialised value(s) at mozilla::GStreamerReader::NotifyDataArrived | Core | Audio/Video | edwin.bugs | RESO | FIXE | 2016-06-04
1223139 | Valgrind: Use of uninitialised memory [@mozilla::PaintedLayerData::Accumulate] | Core | Graphics | edwin.bugs | RESO | DUPL | 2016-11-02
1292402 | Use of uninitialised value in [@mozilla::gfx::FilterProcessing::DoUnpremultiplicationCalculation_SSE2] | Core | Graphics: Canvas2D | edwin.bugs | RESO | FIXE | 2017-08-28
1368690 | Crash in mozilla::CSSStyleSheet::ClearRuleCascades | Core | CSS Parsing and Comp | emilio | RESO | FIXE | 2021-11-19
1432323 | UBSan: member access within address 0x6030002a4d80 which does not point to an object of type 'nsCOMArrayEnumerator' in /xpcom/ds/nsArrayEnumerator.cpp:197 | Core | XPCOM | ericrahm+bz | RESO | FIXE | 2018-11-05
1465186 | Destruction of uninitialized pointers in sftkdb_DecryptAttribute() | NSS | Libraries | franziskuskiefer | RESO | FIXE | 2024-05-30
1465241 | Use of uninitialized pointers in ReadDBSubjectEntry() | NSS | Libraries | franziskuskiefer | RESO | FIXE | 2024-05-30
1156974 | TSan: data race netwerk/cache2/CacheFileIOManager.h:51 IsDoomed | Core | Networking: Cache | froydnj+bz | RESO | FIXE | 2016-07-02
1439723 | Nullable::SetValue leads to footguns in the animation code | Core | DOM: Animation | froydnj+bz | RESO | FIXE | 2018-11-05
1440465 | uninitialized memory accesses in AutoPointerEventTargetUpdater | Core | Layout | froydnj+bz | RESO | FIXE | 2018-08-28
851796 | IonMonkey: Assertion failure: ins->type() == MIRType_Value, at ion/MIR.h:1795 or Crash on Heap with use of uninitialized value | Core | JavaScript Engine | general | RESO | DUPL | 2015-06-17
883686 | valgrind errors in JS testsuite ("conditional jumps on uninitialized data") | Core | JavaScript Engine | hv1989 | RESO | FIXE | 2024-05-30
886282 | OdinMonkey: Assertion failure: it.isBaselineJS(), at ion/IonFrames.cpp:1034 or Assertion failure: retAddr != __null, at ion/IonFrames.cpp:1012 or Crash [@ js::ion::IonFrameIterator::script] or Crash [@ containsReturnAddress] | Core | JavaScript Engine | hv1989 | RESO | DUPL | 2015-06-17
1609607 | C-C TB mochitest+valgrind uncovered uninitialized memory access.: MD5 is calculated accessing uninitialized area. | MailNews Core | Backend | ishikawa | RESO | FIXE | 2020-08-08
1833517 | Assertion failure: !templateObj->hasDynamicSlots(), at jit/WarpBuilder.cpp:325 | Core | JavaScript Engine: J | jcoppeard | RESO | FIXE | 2024-06-13
809021 | IonMonkey: Opt-only Crash [@ GetValueType] or Crash [@ js::ion::ReflowTypeInfo] | Core | JavaScript Engine | jdemooij | RESO | FIXE | 2013-04-18
999358 | MLambdaArrow should initialize the unused extended slot | Core | JavaScript Engine: J | jdemooij | RESO | FIXE | 2016-06-04
1261135 | graphite2: use of uninitialized memory in [@graphite2::Pass::testConstraint] | Core | Graphics: Text | jfkthame | RESO | FIXE | 2017-01-05
1358551 | Graphite2: use of uninitialized memory [@ graphite2::GlyphCache::Loader::read_glyph] | Core | Graphics: Text | jfkthame | RESO | FIXE | 2017-10-26
888107 | We don't clear newly allocated WebGL array buffers if their contents are not initially specified | Core | Graphics: CanvasWebG | jgilbert | RESO | FIXE | 2014-11-19
1111065 | Inadequate robustness of Chromium IPC Pickle code | Core | IPC | jld | RESO | FIXE | 2016-07-02
1191463 | Mishandling return status in ReadbackResultWriterD3D11::Run might cause memory-safety bug | Core | Graphics | jnicol | RESO | FIXE | 2024-05-30
1454072 | Use of uninitialized pointer in lg_init() | NSS | Libraries | jschanck | RESO | FIXE | 2024-05-30
1318012 | SandboxBrokerCommon::SendWithFd sends uninitialised stack-allocated data out of process | Core | Security: Process Sa | jseward | RESO | FIXE | 2017-06-22
1792092 | src/accessible/ipc/win/RemoteAccessible.cpp:41:21: runtime error: load of value 190, which is not a valid value for type 'bool' | Core | Disability Access AP | jteh | RESO | FIXE | 2022-10-05
852563 | Assertion failure: v->toGCThing(), at gc/Marking.cpp:472 with uninitialized value | Core | JavaScript Engine | jwalden | RESO | FIXE | 2013-11-06
1619432 | Use of uninitialized memory in ff_get_format (ffvpx) | Core | Audio/Video | jya-moz | RESO | FIXE | 2024-05-30
1356387 | Crash in Abort \| IPDL error [PVRManagerChild]: "Error deserializing 'VRHMDSensorState'". abort... \| mozalloc_abort \| NS_DebugBreak \| mozilla::ipc::FatalError \| mozilla::dom::ContentChild::FatalErrorIfNotUsingGPUProcess \| mozilla::gfx::PVRManagerChild::... | Core | WebVR | kearwood | RESO | FIXE | 2017-08-28
1746934 | src/layout/generic/nsIFrame.cpp:9228:50: runtime error: load of value 224, which is not a valid value for type 'bool' | Core | Layout | krosylight | RESO | FIXE | 2021-12-21
1167370 | TextRenderer::RenderText using uninitialized memory | Core | Graphics: Text | kyle_fung | RESO | FIXE | 2024-05-30
1167332 | rx::d3d11::SetBufferData using uninitialized memory | Core | Graphics: CanvasWebG | lsalzman | RESO | FIXE | 2024-05-30
1412942 | heap buffer overflow READ of size 4 when printing mozilla.org (ASAN) | Core | Graphics | lsalzman | RESO | FIXE | 2018-11-05
1143130 | nsTextFrame::GetCharacterOffsetAtFrame returns uninitialized nsIFrame::ContentOffsets | Core | Layout | MatsPalmgren_bugz | RESO | FIXE | 2018-07-06
1207298 | MSan: use-of-uninitialized-value in ReadHuffmanCode | Core | Networking: HTTP | mcmanus | RESO | FIXE | 2016-07-02
1336699 | Uninitialized value in nsFtpState::R_pasv | Core Graveyard | Networking: FTP | mcmanus | RESO | FIXE | 2024-02-08
1338548 | Uninitialized rv in PendingGlobalHistoryEntry::ApplyChanges(IHistory* aHistory) | Core | DOM: Navigation | nika | RESO | FIXE | 2017-02-11
1348143 | Use of uninitialized objects / use after free causes memory corruption via DataTransfer::FillInExternalCustomTypes() | Core | DOM: Copy & Paste an | nika | RESO | FIXE | 2024-05-30
949800 | variable 'preventDefaultCalled' is used uninitialized whenever 'if' condition is false | Core | DOM: Workers | nobody | RESO | DUPL | 2013-12-12
1019892 | propFlags is uninitialized in jsd_GetValueProperty if JS_GetPropertyById returns null | Core | JavaScript Engine | nobody | RESO | WONT | 2018-07-06
1025164 | \|mathVar\| is uninitialized in MathMLTextRunFactory::RebuildTextRun when \|length == 0\| | Core | MathML | nobody | RESO | DUPL | 2018-07-06
1109545 | Conditional jump or move depends on uninitialised value(s) in mozilla::MediaStreamGraphImpl::UpdateStreamOrder | Core | Audio/Video | nobody | RESO | DUPL | 2016-10-14
1109546 | Conditional jump or move depends on uninitialised value(s) at webrtc::VCMQmResolution::GoingDownResolution | Core | WebRTC | nobody | RESO | DUPL | 2016-10-14
1118751 | Autophone - PROFILE-ERROR \| No crash directory (/data/local/tmp/profile/minidumps) found on remote device for Android 2.3 | Firefox for Android | Profile Handling | nobody | RESO | FIXE | 2020-12-21
1166724 | mozilla::hal_impl::EnableSensorNotifications: buffer overwrite at startup, leading to crash | Core Graveyard | Widget: Gonk | nobody | RESO | WONT | 2020-08-08
1207256 | MSan: use-of-uninitialized-value in BrotliDecompressedSize | Core | Networking: HTTP | nobody | RESO | FIXE | 2016-07-02
1209355 | Valgrind: Syscall param write(buf) points to uninitialised byte(s) BrotliFileOutputFunction (streams.c:117) | Core | Layout: Text and Fon | nobody | RESO | FIXE | 2016-07-02
1209358 | Valgrind: Use of uninitialised value BrotliDecompress (decode.c:964) | Core | Layout: Text and Fon | nobody | RESO | FIXE | 2016-07-02
1209365 | MSan: use-of-uninitialized-value in ReadSymbol (decode.c:120) | Core | Layout: Text and Fon | nobody | RESO | FIXE | 2016-07-02
1209366 | MSan: use-of-uninitialized-value ReadHuffmanCode | Core | Layout: Text and Fon | nobody | RESO | FIXE | 2016-07-02
1209367 | MSan: use-of-uninitialized-value in BrotliDecompress (decode.c:963) | Core | Layout: Text and Fon | nobody | RESO | DUPL | 2016-11-02
1209368 | MSan: use-of-uninitialized-value in DecodeVarLenUint8 (decode.c:81) | Core | Layout: Text and Fon | nobody | RESO | FIXE | 2016-05-26
1209596 | MSan: use-of-uninitialized-value in BrotliDecompress(decode.c:820) | Core | Layout: Text and Fon | nobody | RESO | FIXE | 2016-07-02
1210485 | MSan: use-of-uninitialized-value in pcf_read_TOC (pcfread.c:105) | Core | Layout: Text and Fon | nobody | RESO | INVA | 2015-11-10
1211070 | OpenH264: MSan use-of-uninitialized-value in WelsStrcat | Core | Audio/Video: GMP | nobody | RESO | FIXE | 2022-09-09
1225292 | FFMPEG: use-of-uninitialized-value in [@ff_get_cpu_flags_x86] | Core | Audio/Video: Playbac | nobody | RESO | INVA | 2016-01-12
1225309 | FFMPEG: use-of-uninitialized-value in [@h264_filter_mb_fast_internal] | Core | Audio/Video: Playbac | nobody | RESO | INVA | 2015-11-18
1225312 | FFMPEG: use-of-uninitialized-value in [@decode_cabac_residual_internal] | Core | Audio/Video: Playbac | nobody | RESO | INVA | 2015-11-18
1228659 | Use of uninitialized values in [@mozilla::PaintedLayerData::Accumulate] | Core | Layout | nobody | RESO | WORK | 2017-11-15
1243464 | Use of uninitialised memory in [@graphite2::TtfUtil::GetTableInfo] | Core | Graphics: Text | nobody | RESO | FIXE | 2016-09-22
1243597 | Use of uninitialised memory in [@graphite2::FileFace::get_table_fn] | Core | Graphics: Text | nobody | RESO | FIXE | 2016-09-22
1255505 | graphite2: use of uninitialized memory in [@graphite2::vm::Machine::run] | Core | Graphics: Text | nobody | RESO | FIXE | 2016-09-22
1255640 | graphite2: use of uninitialized memory in [@graphite2::Face::Table::decompress] | Core | Graphics: Text | nobody | RESO | FIXE | 2016-09-22
1255778 | Uninitialised value uses in nsDOMWindowUtils::CompareCanvases | Core | Graphics: ImageLib | nobody | RESO | WORK | 2017-11-15
1257649 | graphite2: use of uninitialized memory in [@graphite2::vm::Machine::run] | Core | Graphics: Text | nobody | RESO | FIXE | 2016-09-22
1262903 | JPEG triggers multiple undefined memory usage reports [@core_combine_over_u_sse2_no_mask] | Core | Graphics: ImageLib | nobody | RESO | DUPL | 2019-08-07
1349390 | Integer overflow in dom/xslt/xslt/txNodeSorter.cpp, potentially leading to double-free or uninitialized memory | Core | XSLT | nobody | RESO | INVA | 2018-06-05
1663767 | Use of uninitialised value of size 8 in film_grain.asm | Core | Graphics: ImageLib | nobody | RESO | WONT | 2020-09-10
1838027 | MP3 demuxer crashes in mozilla::FrameParser::VBRHeader::Parse on pi.ytmnd.com | Core | Audio/Video | padenot | RESO | FIXE | 2023-08-01
914017 | Stack-buffer-overflow in txXPathNodeUtils::getBaseURI | Core | XSLT | peterv | RESO | FIXE | 2024-05-30
1521360 | Two potential loads from uninitialized memory in Prio serial_read_mp_array and read_packet_client | Toolkit | Telemetry | rhelmer | RESO | FIXE | 2024-05-30
1064320 | NSC_Encrypt returns uninitialised garbage which is handed onwards to realloc | Core | Security | rlb | RESO | FIXE | 2016-06-04
1761275 | SEGV on libwebp WebPSafeFree -> malloc_decls.h free | Core | Graphics: ImageLib | ryanvm | RESO | FIXE | 2024-05-30
1276413 | Clear the buffer we allocate for paletted image frames | Core | Graphics: ImageLib | seth.bugzilla | RESO | FIXE | 2017-08-28
916580 | Use of uninitialized memory, and buffer size computations not checked for overflow | Core | JavaScript Engine | sunfish | RESO | FIXE | 2024-05-30
1348931 | Possible integer overflow in allocation size in SilentChunk::SilentChunk? | Core | Audio/Video: Playbac | suro001 | RESO | FIXE | 2018-02-01
1416344 | network.http.referer.XOriginTrimmingPolicy to above 0 or network.http.referer.trimmingPolicy==2 crashes tabs | Core | Networking: HTTP | tnguyen | RESO | FIXE | 2017-11-20
1187420 | MSan use-of-uninitialized-value jdhuff.c:668 in decode_mcu_fast | Core | Graphics: ImageLib | tnikkel | RESO | FIXE | 2016-09-22
1349621 | Use of uninitialized memory [@ NS_GetFinalChannelURI] | Core | Networking | twsmith | RESO | FIXE | 2017-10-26
1341149 | Use of uninitialized value in SetupImageLayerClip | Core | Web Painting | u459114 | RESO | FIXE | 2017-04-11
1167326 | CompositorD3D11::DrawVRDistortion using uninitialized memory | Core | Graphics: Layers | vladimir | RESO | FIXE | 2015-11-03
1722204 | AddressSanitizer: attempting double-free from gfx::RecordedFillGlyphs and UAF (0xe5e5e5e5e5e5e5e5 on crash report) | Core | Graphics: Layers | bobowencode | VERI | FIXE | 2024-05-30
1795845 | Assertion failure: isDouble(), at js/Value.h:916 with enableShellAllocationMetadataBuilder and module | Core | JavaScript Engine | jcoppeard | VERI | FIXE | 2023-12-06
1494752 | Crash [@ js::CheckTracedThing<JSString>] with OOM and invalid read | Core | JavaScript Engine | jwalden | VERI | FIXE | 2023-12-06
1513614 | Crash [@ JSRope::flatten] with GC and TypedObject | Core | JavaScript Engine | nobody | VERI | FIXE | 2023-12-06
1343723 | Crash [@ js::jit::MachineState::read] involving Promise | Core | JavaScript Engine: J | tcampbell | VERI | FIXE | 2023-12-06
866825 | nsDOMSVGZoomEvent::m{Previous,New}Scale are used uninitialized | Core | DOM: Events | amarchesini | VERI | FIXE | 2013-11-25
980450 | Crash [@ js::HasOwnProperty<(js::AllowGC)0>] | Core | JavaScript Engine | bhackett1024 | VERI | FIXE | 2015-05-18
1252707 | Crash [@ IsInsideNursery] with OOM and use-after-free | Core | JavaScript Engine | bhackett1024 | VERI | FIXE | 2017-05-09
1882921 | /builds/worker/checkouts/gecko/layout/svg/SVGTextFrame.cpp:2605:7: runtime error: load of value 31, which is not a valid value for type 'bool' | Core | SVG | dholbert | VERI | FIXE | 2024-03-26
795745 | Conditional jump or move depends on uninitialised value(s) [@ ComputePrecisionInRange] | Core | JavaScript Engine | jwalden | VERI | FIXE | 2012-12-13
1045977 | Apparent info leak caused by uninitialized memory with malformed GIFs | Core | Graphics: ImageLib | mwu.code | VERI | FIXE | 2024-05-30
1778390 | demo demo | Invalid Bugs | General | nobody | VERI | INVA | 2022-07-06
888820 | Heap-buffer-overflow READ in nsHtml5TreeBuilder::resetTheInsertionMode() | Core | DOM: HTML Parser | william | VERI | FIXE | 2024-05-30
1858423 | Crash when loading Spritely Wasm GC demo twice | Core | JavaScript: WebAssem | ydelendik | VERI | FIXE | 2024-06-02