Closed Bug 1133645 Opened 5 years ago Closed 5 years ago

Android AudioDataDecoder uses audio_specific_config without checking its size

Categories

(Core :: Audio/Video, defect)

defect
Not set

Tracking

()

RESOLVED FIXED
mozilla38
Tracking Status
firefox38 --- fixed

People

(Reporter: kinetik, Assigned: kinetik)

References

()

Details

Attachments

(1 file)

AudioDataDecoder's constructor assumes the audio_specific_config passed in is at least two bytes long.  For some media, such as dom/media/test/small-shot-mp3.mp4, this assumption is incorrect and results in accessing uninitialized (and possibly unmapped) memory.
Attached patch patch v0Splinter Review
Attachment #8565286 - Flags: review?(snorp)
Blocks: mediacodec
Comment on attachment 8565286 [details] [diff] [review]
patch v0

Review of attachment 8565286 [details] [diff] [review]:
-----------------------------------------------------------------

oops
Attachment #8565286 - Flags: review?(snorp) → review+
https://hg.mozilla.org/mozilla-central/rev/602f3407d79a
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla38
You need to log in before you can comment on or make changes to this bug.