GLib 2.78.2 crashes Firefox
With GLib 2.78.2, I can reliably crash Firefox:
- Start Firefox
- Press Ctrl+O to open a file picker
- Select the Documents folder (which contains quite a bit of stuff)
- Firefox either freezes (GIO pool thread stuck in `free` → `WasmTrapHandler` → `__get_tls_addr` → `malloc`) or immediately crashes with a double free error.
From what I can tell, this is the result of a recursive call of one of the functions modified in !29 (merged) `realloc`ating the `seen` array, but not communicating the new address to the parent function, which then `free`s the old allocation.
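The ownership mistake described in the report, as an added C illustration that is not code from GLib, Firefox or !29. It models the `seen` array as a growable list of directory names and the recursion as one level per entry; the tracking allocator, the sample tree and every function name are invented for the demonstration. The buggy walker receives the array pointer by value and grows it with a (deliberately always-moving) realloc, so the caller that owns the array ends up freeing the address realloc already released; the fixed walker receives the address of the caller's pointer and writes the new block back through it.

```c
/* Added illustration, not code from GLib or Firefox. Names and the
 * recursion shape are invented to match the pattern in the report. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Minimal tracking heap: remembers live blocks so a free of a stale
 * address is counted instead of executed (glibc/ASan would abort here). */
#define MAX_LIVE 64
static uintptr_t live[MAX_LIVE];
static int bad_free_count;
static void track_add(void *p) {
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] == 0) { live[i] = (uintptr_t)p; return; }
    abort();                                 /* table full, not expected here */
}
static int track_remove(uintptr_t a) {       /* 1 if a was live, 0 otherwise */
    for (int i = 0; i < MAX_LIVE; i++)
        if (a != 0 && live[i] == a) { live[i] = 0; return 1; }
    return 0;
}
static void *tracked_malloc(size_t n) {
    void *p = malloc(n);
    if (!p) abort();
    track_add(p);
    return p;
}
/* Always moves the block, so the relocation the bug depends on happens
 * every time rather than at the libc allocator's discretion. */
static void *tracked_realloc(void *old, size_t old_n, size_t new_n) {
    void *p = tracked_malloc(new_n);
    if (old) {
        memcpy(p, old, old_n < new_n ? old_n : new_n);
        if (track_remove((uintptr_t)old)) free(old);
    }
    return p;
}
static void tracked_free(void *p) {
    if (p && !track_remove((uintptr_t)p)) bad_free_count++;  /* stale/double free */
    else free(p);
}
static void tracked_reset(void) {            /* free leftovers, clear counters */
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i]) { free((void *)live[i]); live[i] = 0; }
    bad_free_count = 0;
}

/* Constructed sample input: one directory entry per recursion level,
 * standing in for the Documents folder in the report. */
static const char *const SAMPLE_TREE[] = { "Documents", "Documents/work",
    "Documents/work/2023", "Documents/work/2023/q4", "Documents/work/2023/q4/notes" };
#define SAMPLE_DEPTH (sizeof SAMPLE_TREE / sizeof SAMPLE_TREE[0])

/* BUGGY: `seen` arrives by value. Growing it updates only this frame's copy;
 * the enclosing frames and the owning caller keep the released address. */
static void visit_buggy(size_t level, const char **seen, size_t *len, size_t *cap) {
    if (level == SAMPLE_DEPTH) return;
    if (*len == *cap) {
        seen = tracked_realloc(seen, *cap * sizeof *seen, 2 * *cap * sizeof *seen);
        *cap *= 2;                           /* capacity is shared; the pointer is not */
    }
    seen[(*len)++] = SAMPLE_TREE[level];
    visit_buggy(level + 1, seen, len, cap);
}

/* FIXED: the callee gets the address of the caller's pointer and writes
 * the reallocated block back through it, so every frame agrees. */
static void visit_fixed(size_t level, const char ***seen, size_t *len, size_t *cap) {
    if (level == SAMPLE_DEPTH) return;
    if (*len == *cap) {
        *seen = tracked_realloc(*seen, *cap * sizeof **seen, 2 * *cap * sizeof **seen);
        *cap *= 2;
    }
    (*seen)[(*len)++] = SAMPLE_TREE[level];
    visit_fixed(level + 1, seen, len, cap);
}

/* Each driver owns the array and frees it after the walk, like the parent
 * function in the report. Returns the number of invalid frees observed. */
int run_buggy(void) {
    tracked_reset();
    size_t len = 0, cap = 2;
    const char **seen = tracked_malloc(cap * sizeof *seen);
    visit_buggy(0, seen, &len, &cap);
    tracked_free(seen);                      /* stale address: counted as bad */
    return bad_free_count;
}
int run_fixed(void) {
    tracked_reset();
    size_t len = 0, cap = 2;
    const char **seen = tracked_malloc(cap * sizeof *seen);
    visit_fixed(0, &seen, &len, &cap);
    tracked_free(seen);                      /* current address: freed cleanly */
    return bad_free_count;
}
```

`run_buggy()` reports one bad free (the owner's original block, which the second-level realloc had already released) while `run_fixed()` reports none; under a real allocator the same stale `free` is the double free in the report. The tracking heap forces every realloc to move, which is worth remembering when a bug like this only reproduces on large directories: with small inputs the libc allocator often grows a block in place and the stale pointer happens to stay valid.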