Closed
Bug 1123507
Opened 10 years ago
Closed 10 years ago
Out of bound memory access in MoofReader
Categories
(Core :: Audio/Video, defect)
Core
Audio/Video
Tracking
()
RESOLVED
FIXED
mozilla38
People
(Reporter: jya, Assigned: jya)
References
(Blocks 1 open bug)
Details
Attachments
(1 file)
|
1.30 KB,
patch
|
eflores
:
review+
Sylvestre
:
approval-mozilla-aurora+
Sylvestre
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
As title states...
Box constructor will read and copy 16 bytes into a buffer 8 bytes long
|
Assignee | |
Comment 1•10 years ago
|
||
read/write proper amount of data
Attachment #8551543 -
Flags: review?(edwin)
|
|
Assignee | |
Updated•10 years ago
|
Assignee: nobody → jyavenard
Status: NEW → ASSIGNED
Attachment #8551543 -
Flags: review?(edwin) → review+
|
|
Assignee | |
Comment 2•10 years ago
|
||
remote: https://hg.mozilla.org/integration/mozilla-inbound/rev/c9d2b07a108d
remote: https://hg.mozilla.org/integration/mozilla-inbound/rev/1a1a66376625
Ralph, I think this should urgently be uplifted
Flags: needinfo?(giles)
|
||
Comment 3•10 years ago
|
||
Comment on attachment 8551543 [details] [diff] [review]
Prevent out of bound memory access
I agree, this is an important one.
Approval Request Comment
[Feature/regressing bug #]: MSE
[User impact if declined]: Crashes and memory corruption from malformed videos.
[Describe test coverage new/current, TBPL]: presuming green on inbound.
[Risks and why]: Low; change is straightforward and small.
[String/UUID change made/needed]: None.
Flags: needinfo?(giles)
Attachment #8551543 -
Flags: approval-mozilla-beta?
Attachment #8551543 -
Flags: approval-mozilla-aurora?
|
|
||
Updated•10 years ago
|
|
||
Comment 4•10 years ago
|
||
Comment on attachment 8551543 [details] [diff] [review]
Prevent out of bound memory access
Taking it even if it didn't land in m-c to be sure it is in beta 2!
Attachment #8551543 -
Flags: approval-mozilla-beta?
Attachment #8551543 -
Flags: approval-mozilla-beta+
Attachment #8551543 -
Flags: approval-mozilla-aurora?
Attachment #8551543 -
Flags: approval-mozilla-aurora+
|
||
Comment 5•10 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla38
|
||
Comment 6•10 years ago
|
||
https://hg.mozilla.org/releases/mozilla-aurora/rev/b5727b11abfb
https://hg.mozilla.org/releases/mozilla-beta/rev/8691f7169392
Any way to test this?
Flags: needinfo?(jyavenard)
Flags: in-testsuite?
|
|
Assignee | |
Comment 7•10 years ago
|
||
You would need to craft a fragmented MP4 using 64 bits index size.
Not sure how you could test it as such. Especially as the behaviour would depends on the OS/Compiler
Flags: needinfo?(jyavenard)
You need to log in
before you can comment on or make changes to this bug.
Description
•