Closed
Bug 1133645
Opened 9 years ago
Closed 9 years ago
Android AudioDataDecoder uses audio_specific_config without checking its size
Categories
(Core :: Audio/Video, defect)
Core
Audio/Video
Tracking
()
RESOLVED
FIXED
mozilla38
Tracking | Status | |
---|---|---|
firefox38 | --- | fixed |
People
(Reporter: kinetik, Assigned: kinetik)
References
()
Details
Attachments
(1 file)
1.18 KB,
patch
|
snorp
:
review+
|
Details | Diff | Splinter Review |
AudioDataDecoder's constructor assumes the audio_specific_config passed in is at least two bytes long. For some media, such as dom/media/test/small-shot-mp3.mp4, this assumption is incorrect and results in accessing uninitialized (and possibly unmapped) memory.
Assignee | ||
Comment 1•9 years ago
|
||
Attachment #8565286 -
Flags: review?(snorp)
Assignee | ||
Updated•9 years ago
|
Blocks: mediacodec
Comment on attachment 8565286 [details] [diff] [review] patch v0 Review of attachment 8565286 [details] [diff] [review]: ----------------------------------------------------------------- oops
Attachment #8565286 -
Flags: review?(snorp) → review+
Assignee | ||
Comment 3•9 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/602f3407d79a
Comment 4•9 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/602f3407d79a
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
status-firefox38:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla38
You need to log in
before you can comment on or make changes to this bug.
Description
•