Fix CDMProxy::SetServerCertificate null dereference to avoid crashing

RESOLVED FIXED in Firefox 47

Status

()

P1
normal
RESOLVED FIXED
3 years ago
3 years ago

People

(Reporter: JamesCheng, Assigned: JamesCheng)

Tracking

({crash})

unspecified
mozilla48
crash
Points:
---

Firefox Tracking Flags

(firefox47 fixed, firefox48 fixed)

Details

Attachments

(1 attachment)

(Assignee)

Description

3 years ago
CDMProxy::SetServerCertificate forgets to malloc before using.
Quick fix this potential crash issue.

https://dxr.mozilla.org/mozilla-central/rev/63be002b4a803df1122823841ef7633b7561d873/dom/media/eme/CDMProxy.cpp#337
(Assignee)

Comment 1

3 years ago
Created attachment 8735757 [details] [diff] [review]
Fix-CDMProxy-SetServerCertificate-crash-.patch

carry r+ from bug 1234976 comment 29.
Attachment #8735757 - Flags: review+
(Assignee)

Updated

3 years ago
Keywords: checkin-needed
https://hg.mozilla.org/integration/mozilla-inbound/rev/690f9c2a909b45dbbc98c3d2694a0d626edb0f5a
Bug 1260377 - Fix CDMProxy::SetServerCertificate crash since null pointer. r=cpearce
Will want to uplift this.
Flags: needinfo?(cpearce)
Keywords: checkin-needed
Flags: needinfo?(cpearce)
Priority: -- → P1
Keywords: crash

Comment 5

3 years ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/690f9c2a909b
Status: NEW → RESOLVED
Last Resolved: 3 years ago
status-firefox48: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla48
Comment on attachment 8735757 [details] [diff] [review]
Fix-CDMProxy-SetServerCertificate-crash-.patch

Approval Request Comment
[Feature/regressing bug #]: EME
[User impact if declined]: Potential for some EME JavaScript players to crash if they call a function of the EME API. This function isn't used by Adobe EME, but if a site calls this regardless, we can crash (null pointer dereference, not exploitable).
[Describe test coverage new/current, TreeHerder]: We don't call this specific path, as Adobe's EME plugin and our baseline clearkey EME implementation doesn't use this function.
[Risks and why]: Low; it's just allocating a struct.
[String/UUID change made/needed]: None.
Attachment #8735757 - Flags: approval-mozilla-aurora?

Updated

3 years ago
status-firefox47: --- → affected

Comment 7

3 years ago
Comment on attachment 8735757 [details] [diff] [review]
Fix-CDMProxy-SetServerCertificate-crash-.patch

Crash fix, Aurora47+
Attachment #8735757 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+

Comment 8

3 years ago
bugherderuplift
https://hg.mozilla.org/releases/mozilla-aurora/rev/bdce1c532b56
status-firefox47: affected → fixed
You need to log in before you can comment on or make changes to this bug.