Valgrind: Use of uninitialised value BrotliDecompress (decode.c:964)

RESOLVED FIXED

Status


Core
Layout: Text
--
critical
3 years ago
2 years ago

People

(Reporter: tsmith, Unassigned)

Tracking

(Blocks: 1 bug, {csectype-uninitialized, sec-low})

41 Branch

Firefox Tracking Flags

(firefox41 wontfix, firefox42 wontfix, firefox43 wontfix, firefox44 fixed, firefox-esr38 unaffected)

Details

(Whiteboard: [adv-main44+])

Attachments

(2 attachments)

(Reporter)

Description

3 years ago
Created attachment 8667036 [details]
call_stack.txt

Not sure which component this should go under so I copied bug 366559 for now.

I am fuzzing commit https://github.com/google/brotli/commit/ca29aa22c295daac15baf5d85427ecc7808b515c

This is the version of brotli currently shipping in Firefox (https://hg.mozilla.org/mozilla-central/log/tip/modules/brotli/dec/decode.c).

It is currently used in WOFF2.
(Reporter)

Comment 1

3 years ago
Created attachment 8667037 [details]
test_case.compressed
status-firefox41: --- → affected
status-firefox42: --- → affected
status-firefox43: --- → affected
status-firefox44: --- → fixed
status-firefox-esr38: --- → unaffected
Component: Networking: HTTP → Layout: Text
(Reporter)

Updated

3 years ago
Duplicate of this bug: 1209367
(Reporter)

Updated

3 years ago
Group: network-core-security → layout-core-security
Per https://bugzilla.mozilla.org/show_bug.cgi?id=1207298#c12 we are going to let the brotli library update ride the trains from 44 onwards unless we learn of more severe problems.

bug 1207298 checked in a library update and will also resolve this issue.
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED
Group: layout-core-security → core-security-release
Whiteboard: [adv-main44-]
status-firefox41: affected → wontfix
status-firefox42: affected → wontfix
status-firefox43: affected → wontfix
Keywords: sec-low
Whiteboard: [adv-main44-] → [adv-main44+]
Group: core-security-release