Closed Bug 1200819 Opened 9 years ago Closed 9 years ago

Null Pointer Derefrencing in libstagefright

Categories

(Core :: Audio/Video, defect)

Product:
Core
Component:
Audio/Video
Platform:
x86
Windows 7
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1187067

People

(Reporter: abillings, Unassigned)

References

Details

(Keywords: crash, csectype-nullptr, testcase, Whiteboard: [sg:dos])

Attachments

(4 files)

PoC video file
400 bytes, video/mp4
Details
call_stack.txt
4.98 KB, text/plain
Details
full_log.txt
130.80 KB, text/plain
Details
Stack track from original reporter
155.18 KB, text/plain
Details
Attached video PoC video file 
security@mozilla.org received the following in email today from secresearch@fortinet.com
-------
Vulnerability Notification

Sept 01, 2015
Tracking Case #: FG-VD-15-062

Dear Mozilla,

The following information pertains to information discovered by Fortinet's FortiGuard Labs. It has been determined that a vulnerability exists in libstagefright. To streamline the disclosure process, we have created a preliminary advisory which you can find below. This upcoming advisory is purely intended as a reference, and does not contain sensitive information such as proof of concept code.

As a mature corporation involved in security research, we strive to responsibly disclose vulnerability information. We will not post an advisory until we determine it is appropriate to do so in co-ordination with the vendor unless one the following situations occur:

1)If public proof of concept code is released, increasing the danger of the vulnerability being exploited in the wild

2)A patch or update has been released to provide protection against the given vulnerability

3)We receive explicit permission from the vendor

We look forward to working closely with you to resolve this issue, and kindly ask for your co-operation during this time. Please let us know if you have any further questions, and we will promptly respond to address any issues. 

If this message is not encrypted, it is because we could not find your key to do so. If you have one available for use, please notify us and we will ensure that this is used in future correspondence. We ask you use our public PGP key to encrypt and communicate any sensitive information with us. You may find the key on our FortiGuard center at: http://www.fortiguardcenter.com/pgp_key.html

Type of Vulnerability & Repercussions:

 Null Pointer Derefrencing

Affected Products:

Firefox 40.0.3(Windows 7)

Upcoming Advisory Reference:
  http://www.fortiguard.com/advisory/UpcomingAdvisories.html
 
Attached is the Proof of Concept which triggers the bug.
I could not reproduce this issue with:
- nightly linux asan
- nightly linux asan dbg
- 40.0.2 linux asan

Anyone want to test on Windows? the report says that is what is affected.
Attached file call_stack.txt 
Keywords: csectype-nullptr, 
          
            testcase
OS: Unspecified → Windows 7
Hardware: Unspecified → x86

    
    

    
  

      
      
      
      

        Attached file
          
        full_log.txt
      

    


  

    
    

    
  
Is this a dup of bug 1187067?
Keywords: crash
See Also:  → 1156517, 1187067

    
  
Group: core-security → media-core-security

    
    

    
  
Could you look into this, jya? It seems like if this is just a null deref it isn't really a security issue, but it would be good for somebody who knows this code to confirm that this crash is benign. Thanks.
Flags: needinfo?(jyavenard)

    
    

    
  
this is a dup of bug 1187067 and is fixed now (pending on inbound)
Status: NEW → RESOLVED
Closed: 9 years ago
Flags: needinfo?(jyavenard)
Resolution: --- → DUPLICATE
Group: media-core-security
Whiteboard: [sg:dos]

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: