1066714 - opening a wav file mistakenly named as mp3, instantly crashes FF

Status: RESOLVED DUPLICATE of bug 976023

(Firefox :: Untriaged, defect)

Description

[Andrea Gronchi]

Attachment: this_is_a_wav.mp3

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:31.0) Gecko/20100101 Firefox/31.0
Build ID: 20140716183446

Steps to reproduce:

Just have the browser load the resource. This happens by opening the file directly or by loading it via javascript, or <audio> tag in a web page. This has only been verified by loading the file locally, therefore with not mime info sent via headers.


Actual results:

Instant crash. 

This is readable in the dmesg (OSX): 

firefox (map: 0xffffff80161afde8) triggered DYLD shared region unnest for map: 0xffffff80161afde8, region 0x7fff83000000->0x7fff83200000. While not abnormal for debuggers, this increases system memory footprint until the target exits.




Expected results:

Figure out the deduced file is not a mp3 but a WAV containing a PCM track, and play it.

Comment 1

[Benjamin Smedberg]

Is the Mozilla crash reporter triggered? If so please use about:crashes to link us to the crash report.

Comment 2

[Benjamin Smedberg]

Trying this in Windows Nightly I get "Video can't be played because file is corrupt."

Comment 3

[Andrea Gronchi]

Apparently the crash reporter did not trigger, however I am able to see the streak of reports in about:crashes.

Here is a clean one:
https://crash-stats.mozilla.com/report/index/938df792-e0bc-449c-a3d5-4006b2140912

Comment 4

[Benjamin Smedberg]

Thank you! This is not an exploitable crash (it's a null-dereference), and it's specific to mac MP3 code. I'm going to mark this bug duplicate of an existing bug tracking this crash signature, and let them know that you have reliable STR.