Closed Bug 1123507 Opened 5 years ago Closed 5 years ago
Out of bound memory access in Moof
As title states... Box constructor will read and copy 16 bytes into a buffer 8 bytes long
read/write proper amount of data
Attachment #8551543 - Flags: review?(edwin)
Assignee: nobody → jyavenard
Status: NEW → ASSIGNED
Attachment #8551543 - Flags: review?(edwin) → review+
remote: https://hg.mozilla.org/integration/mozilla-inbound/rev/c9d2b07a108d remote: https://hg.mozilla.org/integration/mozilla-inbound/rev/1a1a66376625 Ralph, I think this should urgently be uplifted
Comment on attachment 8551543 [details] [diff] [review] Prevent out of bound memory access I agree, this is an important one. Approval Request Comment [Feature/regressing bug #]: MSE [User impact if declined]: Crashes and memory corruption from malformed videos. [Describe test coverage new/current, TBPL]: presuming green on inbound. [Risks and why]: Low; change is straightforward and small. [String/UUID change made/needed]: None.
Comment on attachment 8551543 [details] [diff] [review] Prevent out of bound memory access Taking it even if it didn't land in m-c to be sure it is in beta 2!
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla38
You would need to craft a fragmented MP4 using 64 bits index size. Not sure how you could test it as such. Especially as the behaviour would depends on the OS/Compiler
You need to log in before you can comment on or make changes to this bug.