Bug 1081355: [EME] UAF in |ClearKeyDecryptor::Release|
Status: RESOLVED FIXED (Closed), mozilla36
Opened 10 years ago, closed 10 years ago
Categories: Core :: Audio/Video, defect
People: Reporter: erahm, Assigned: eflores
References: Blocks 2 open bugs
Details: Keywords: coverity, csectype-uaf, sec-low; Whiteboard: [CID 1244845][adv-main36-]
Attachments: 1 file (patch, 805 bytes; cpearce: review+)

In |ClearKeyDecryptor::Release| [1] we invalidate |this| by deleting it [2] and then access a member variable of the invalidated instance [3].
[1] http://hg.mozilla.org/mozilla-central/annotate/e4cfacb76830/media/gmp-clearkey/0.1/ClearKeyDecryptionManager.cpp#l391
[2] http://hg.mozilla.org/mozilla-central/annotate/e4cfacb76830/media/gmp-clearkey/0.1/ClearKeyDecryptionManager.cpp#l397
[3] http://hg.mozilla.org/mozilla-central/annotate/e4cfacb76830/media/gmp-clearkey/0.1/ClearKeyDecryptionManager.cpp#l401
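
The pattern described in the report, next to one common way to fix it, as an added example that is neither the ClearKey source nor the attached patch. The class `Decryptor`, its `sLive` counter, and the functions `ReleaseBuggy` and `ReleaseTwice` are hypothetical names.

```cpp
#include <cstdint>
#include <cstdio>

// Hypothetical stand-in for a manually refcounted object; not Mozilla code.
class Decryptor {
public:
  static int sLive;  // live-instance counter, used only to observe destruction
  Decryptor() : mRefCnt(0) { ++sLive; }
  void AddRef() { ++mRefCnt; }

  // BEFORE: the pattern the report describes. Once the count hits zero the
  // object is deleted, yet the return statement still reads this->mRefCnt.
  uint32_t ReleaseBuggy() {
    if (!--mRefCnt) {
      delete this;
    }
    return mRefCnt;  // use-after-free whenever the delete above ran
  }

  // AFTER: take the new count into a local first, and touch no member
  // once `delete this` has executed.
  uint32_t Release() {
    uint32_t newCount = --mRefCnt;
    if (newCount == 0) {
      delete this;
    }
    return newCount;  // local copy, still valid after the object is gone
  }

private:
  ~Decryptor() { --sLive; }  // private: destruction only through Release()
  uint32_t mRefCnt;
};

int Decryptor::sLive = 0;

// Fixed path only: two references taken, two released; returns first*10 + second.
uint32_t ReleaseTwice() {
  Decryptor* d = new Decryptor();
  d->AddRef();
  d->AddRef();
  uint32_t first = d->Release();   // object still alive
  uint32_t second = d->Release();  // object destroyed here
  return first * 10 + second;
}

int main() {
  std::printf("results=%u live=%d\n", ReleaseTwice(), Decryptor::sLive);
}
```

`ReleaseBuggy` is left uncalled on purpose: running it on the last reference is undefined behaviour, which a build with AddressSanitizer reports as a heap-use-after-free.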

Comment 2 (Assignee) • 10 years ago
Attachment #8503811 - Flags: review?(cpearce)

Updated • 10 years ago
Attachment #8503811 - Flags: review?(cpearce) → review+

Comment 3 (Assignee) • 10 years ago

Comment 4 • 10 years ago
Status: NEW → RESOLVED
Closed: 10 years ago
status-firefox36: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla36

Updated • 10 years ago
status-firefox-esr31: --- → wontfix

Updated • 10 years ago
Whiteboard: [CID 1244845] → [CID 1244845][adv-main36-]

Comment 5 • 10 years ago
Mass update firefox-status to track EME uplift.

Updated • 9 years ago
Group: core-security → core-security-release

Updated • 8 years ago
Keywords: csectype-uaf

Updated • 7 years ago
Blocks: coverity-analysis