Closed Bug 1156342 Opened 10 years ago Closed 10 years ago

OpenH264: global-buffer-overflow crash [@WelsDec::ParseScalingList]

Categories

(Core :: Audio/Video: GMP, defect)

Product:
Core
Component:
Audio/Video: GMP
Platform:
x86_64
macOS
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
firefox37 --- unaffected
firefox38 --- unaffected
firefox38.0.5 --- unaffected
firefox39 --- unaffected
firefox40 --- unaffected
firefox41 --- unaffected
firefox42 --- unaffected
firefox-esr31 --- unaffected
firefox-esr38 --- unaffected

People

(Reporter: posidron, Unassigned)

References

(Blocks 1 open bug)

Details

(4 keywords)

Attachments

(2 files)

testcase.264
556.83 KB, application/octet-stream
Details
callstack
3.27 KB, text/plain
Details
Attached file callstack
I just replicated this crash with the master branch, but I cannot replicate it with the v1.4-Firefox38 branch (gives a 'Feature not supported' message). So we need to fix this before the next version, but this shouldn't hold up the v1.4 rollout.
This problem has been fixed in commit dac1363
please kindly check if it works. thanks
Flags: needinfo?(cdiehl)
Tracking for 38+ since this is sec-critical. Christoph, which platforms and versions are affected? Do you need extra QA help?
status-firefox40: --- → affected
tracking-firefox38: --- → +
tracking-firefox39: --- → +
tracking-firefox40: --- → +
No Firefox versions are affected. This is a bug in code that was added since v1.4 of OpenH264 was made.
unmarking tracking as this applies to an unreleased version of the plugin.
status-firefox40: affectedunaffected
tracking-firefox38: + → ---
tracking-firefox39: + → ---
tracking-firefox40: + → ---
Group: core-security
Component: WebRTC: Audio/Video → OpenH264
Product: Core → Plugins
This should now be fixed by the rollout of OpenH264 v1.4 - bug 1133784.
Status: NEW → RESOLVED
Closed: 10 years ago
Depends on: 1133784
Resolution: --- → FIXED
Closed this by mistake, this bug was found in post-1.4 code.
Status: RESOLVED → REOPENED
No longer depends on: 1133784
Resolution: FIXED → ---
Fixed. Tested with https://github.com/cisco/openh264/commit/7d7a5c28bc
Flags: needinfo?(cdiehl)
Blocks: 1170319
No longer blocks: 1170319
Depends on: 1170319
Marking as fixed per comment 10.
Status: REOPENED → RESOLVED
Closed: 10 years ago10 years ago
Resolution: --- → FIXED
Component: OpenH264 → Audio/Video: GMP
Product: External Software Affecting Firefox → Core
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: