Closed Bug 1209368 Opened 9 years ago Closed 9 years ago

MSan: use-of-uninitialized-value in DecodeVarLenUint8 (decode.c:81)

Categories

(Core :: Layout: Text and Fonts, defect)

Product:
Core
Component:
Layout: Text and Fonts
Version:
41 Branch
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
firefox41 --- unaffected
firefox42 --- unaffected
firefox43 --- unaffected
firefox44 --- fixed
firefox-esr38 --- unaffected

People

(Reporter: tsmith, Unassigned)

References

Details

(Keywords: csectype-uninitialized, sec-low, Whiteboard: [adv-main44+])

Attachments

(2 files)

call_stack.txt
1.19 KB, text/plain
Details
test_case.compressed
7 bytes, application/octet-stream
Details
Attached file call_stack.txt
Not sure which component this should go under so I copied bug 366559 for now. I am fuzzing commit https://github.com/google/brotli/commit/ca29aa22c295daac15baf5d85427ecc7808b515c This is the version of brotli currently shipping in Firefox (https://hg.mozilla.org/mozilla-central/log/tip/modules/brotli/dec/decode.c). It is currently used in WOFF2.
Attached file test_case.compressed
status-firefox41: --- → affected
status-firefox42: --- → affected
status-firefox43: --- → affected
status-firefox44: --- → fixed
status-firefox-esr38: --- → unaffected
Component: Networking: HTTP → Layout: Text
Group: network-core-security → layout-core-security
per https://bugzilla.mozilla.org/show_bug.cgi?id=1207298#c12 we are going to let the brotli library update ride the trains from 44 onwards unless we learn of more severe problems.. bug 1207298 checked in a library update and will also resolve this issue.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Group: layout-core-security → core-security-release
Keywords: sec-low
Whiteboard: [adv-main44-] → [adv-main44+]
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: