Closed Bug 1156342 Opened 9 years ago Closed 9 years ago

OpenH264: global-buffer-overflow crash [@WelsDec::ParseScalingList]

Categories

(Core :: Audio/Video: GMP, defect)

x86_64
macOS
defect
Not set
critical

Tracking


RESOLVED FIXED
Tracking Status
firefox37 --- unaffected
firefox38 --- unaffected
firefox38.0.5 --- unaffected
firefox39 --- unaffected
firefox40 --- unaffected
firefox41 --- unaffected
firefox42 --- unaffected
firefox-esr31 --- unaffected
firefox-esr38 --- unaffected

People

(Reporter: posidron, Unassigned)

References

(Blocks 1 open bug)

Details

(4 keywords)

Attachments

(2 files)

Attached file callstack
I just replicated this crash with the master branch, but I cannot replicate it with the v1.4-Firefox38 branch (gives a 'Feature not supported' message). So we need to fix this before the next version, but this shouldn't hold up the v1.4 rollout.
This problem has been fixed in commit dac1363.
Please kindly check if it works. Thanks.
Flags: needinfo?(cdiehl)
Tracking for 38+ since this is sec-critical.
Christoph, which platforms and versions are affected?  Do you need extra QA help?
No Firefox versions are affected.  This is a bug in code that was added since v1.4 of OpenH264 was made.
Unmarking tracking as this applies to an unreleased version of the plugin.
Group: core-security
Component: WebRTC: Audio/Video → OpenH264
Product: Core → Plugins
This should now be fixed by the rollout of OpenH264 v1.4 - bug 1133784.
Status: NEW → RESOLVED
Closed: 9 years ago
Depends on: 1133784
Resolution: --- → FIXED
Closed this by mistake; this bug was found in post-1.4 code.
Status: RESOLVED → REOPENED
No longer depends on: 1133784
Resolution: FIXED → ---
Fixed. Tested with https://github.com/cisco/openh264/commit/7d7a5c28bc
Flags: needinfo?(cdiehl)
Blocks: 1170319
No longer blocks: 1170319
Depends on: 1170319
Marking as fixed per comment 10.
Status: REOPENED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Component: OpenH264 → Audio/Video: GMP
Product: External Software Affecting Firefox → Core