Closed
Bug 1066714
Opened 10 years ago
Closed 10 years ago
opening a wav file mistakenly named as mp3, instantly crashes FF
Categories: Firefox :: Untriaged, defect
Tracking: RESOLVED DUPLICATE of bug 976023
People: Reporter: neta, Unassigned
Attachments (1 file): 152.32 KB, audio/mpeg
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:31.0) Gecko/20100101 Firefox/31.0
Build ID: 20140716183446

Steps to reproduce:
Just have the browser load the resource. This happens by opening the file directly, by loading it via JavaScript, or via an <audio> tag in a web page. This has only been verified by loading the file locally, therefore with no MIME info sent via headers.

Actual results:
Instant crash. This is readable in the dmesg (OSX): firefox (map: 0xffffff80161afde8) triggered DYLD shared region unnest for map: 0xffffff80161afde8, region 0x7fff83000000->0x7fff83200000. While not abnormal for debuggers, this increases system memory footprint until the target exits.

Expected results:
Figure out that the file is not an MP3 but a WAV containing a PCM track, and play it.
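The mismatch the reporter describes (a WAV file named .mp3 handed to the MP3 decoder on the strength of its extension) is the classic reason media loaders sniff the first bytes of a resource rather than trusting the filename. The following is an added example, not code from the bug report or from Firefox: it classifies a buffer by magic bytes (RIFF/WAVE, an ID3v2 tag, or an MPEG audio frame sync), walks the RIFF chunk list to confirm a WAV's fmt chunk is PCM, and compares that with what the extension claims. The byte layout is the standard RIFF/WAVE and MPEG frame header layout; the sample WAV header and MP3 bytes are constructed inline, and function names are this example's own.

```javascript
// Added example (not from the Bugzilla report or Firefox): decide what an
// audio buffer is from its content, then compare with what the name claims.

function ascii(b, off, len) {
  return String.fromCharCode(...b.subarray(off, off + len));
}
function readU16LE(b, off) { return b[off] | (b[off + 1] << 8); }
function readU32LE(b, off) {
  return (b[off] | (b[off + 1] << 8) | (b[off + 2] << 16) | (b[off + 3] << 24)) >>> 0;
}

// Walk the RIFF chunk list of a WAVE file and return the "fmt " chunk fields,
// or null if the buffer is not a RIFF/WAVE container or has no fmt chunk.
function parseWavFmt(b) {
  if (b.length < 12 || ascii(b, 0, 4) !== "RIFF" || ascii(b, 8, 4) !== "WAVE") return null;
  let off = 12;
  while (off + 8 <= b.length) {
    const id = ascii(b, off, 4);
    const size = readU32LE(b, off + 4);
    if (id === "fmt " && off + 8 + 16 <= b.length) {  // basic fmt chunk is 16 bytes
      return {
        formatTag: readU16LE(b, off + 8),      // 1 = PCM, 3 = IEEE float, 0xFFFE = extensible
        channels: readU16LE(b, off + 10),
        sampleRate: readU32LE(b, off + 12),
        bitsPerSample: readU16LE(b, off + 22),
      };
    }
    off += 8 + size + (size & 1);  // chunks are padded to even length
  }
  return null;
}

// Content sniffer: WAV first (it has the most structure to check), then MP3.
function sniffAudio(bytes) {
  const b = bytes instanceof Uint8Array ? bytes : new Uint8Array(bytes);
  const fmt = parseWavFmt(b);
  if (fmt) return { container: "wav", pcm: fmt.formatTag === 1, fmt };
  if (b.length >= 3 && ascii(b, 0, 3) === "ID3") return { container: "mp3", reason: "ID3v2 tag" };
  // MPEG audio frame sync: 11 set bits, version bits != 01 (reserved),
  // layer bits != 00 (reserved).
  if (b.length >= 2 && b[0] === 0xff && (b[1] & 0xe0) === 0xe0 &&
      ((b[1] >> 3) & 3) !== 1 && ((b[1] >> 1) & 3) !== 0) {
    return { container: "mp3", reason: "MPEG frame sync" };
  }
  return { container: "unknown" };
}

// What an extension-driven loader would choose versus what the bytes say.
function classify(filename, bytes) {
  const lower = filename.toLowerCase();
  const byName = lower.endsWith(".mp3") ? "mp3" : lower.endsWith(".wav") ? "wav" : "unknown";
  const byContent = sniffAudio(bytes);
  return { byName, byContent: byContent.container, mismatch: byName !== byContent.container, detail: byContent };
}

// Constructed sample: a canonical 44-byte WAV header with an empty data chunk.
function makeWavHeader({ formatTag = 1, channels = 1, sampleRate = 8000, bits = 16, dataLen = 0 } = {}) {
  const blockAlign = channels * bits / 8;
  const buf = new Uint8Array(44 + dataLen);
  const w32 = (o, v) => { buf[o] = v & 255; buf[o + 1] = (v >>> 8) & 255; buf[o + 2] = (v >>> 16) & 255; buf[o + 3] = (v >>> 24) & 255; };
  const w16 = (o, v) => { buf[o] = v & 255; buf[o + 1] = (v >>> 8) & 255; };
  const tag = (o, s) => { for (let i = 0; i < 4; i++) buf[o + i] = s.charCodeAt(i); };
  tag(0, "RIFF"); w32(4, 36 + dataLen); tag(8, "WAVE");
  tag(12, "fmt "); w32(16, 16); w16(20, formatTag); w16(22, channels);
  w32(24, sampleRate); w32(28, sampleRate * blockAlign); w16(32, blockAlign); w16(34, bits);
  tag(36, "data"); w32(40, dataLen);
  return buf;
}

// The reporter's case: PCM WAV bytes behind an .mp3 name.
console.log(classify("track.mp3", makeWavHeader({ channels: 2, sampleRate: 44100 })));
```

A loader that routes on `byContent` rather than `byName` never hands RIFF data to an MP3 demuxer, and a decoder that is handed it anyway should reject the stream cleanly rather than rely on the caller; the sniffer here only sees headers, so a truncated or lying fmt chunk still has to be validated by whatever decodes the samples.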
Comment 1•10 years ago
Is the Mozilla crash reporter triggered? If so, please use about:crashes to link us to the crash report.
Flags: needinfo?(neta)
Comment 2•10 years ago
Trying this in Windows Nightly I get "Video can't be played because file is corrupt."
Reporter
Comment 3•10 years ago
Apparently the crash reporter did not trigger; however, I am able to see the streak of reports in about:crashes. Here is a clean one: https://crash-stats.mozilla.com/report/index/938df792-e0bc-449c-a3d5-4006b2140912
Flags: needinfo?(neta)
Comment 4•10 years ago
Thank you! This is not an exploitable crash (it's a null-dereference), and it's specific to Mac MP3 code. I'm going to mark this bug as a duplicate of an existing bug tracking this crash signature, and let them know that you have reliable STR.
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE