Closed
Bug 1260377
Opened 9 years ago
Closed 9 years ago
Fix CDMProxy::SetServerCertificate null dereference to avoid crashing
Categories
(Core :: Audio/Video: Playback, defect, P1)
Core
Audio/Video: Playback
Tracking
()
RESOLVED
FIXED
mozilla48
People
(Reporter: JamesCheng, Assigned: JamesCheng)
Details
(Keywords: crash)
Attachments
(1 file)
|
982 bytes,
patch
|
JamesCheng
:
review+
ritu
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
CDMProxy::SetServerCertificate forgets to malloc before using.
Quick fix this potential crash issue.
https://dxr.mozilla.org/mozilla-central/rev/63be002b4a803df1122823841ef7633b7561d873/dom/media/eme/CDMProxy.cpp#337
|
Assignee | |
Comment 1•9 years ago
|
||
carry r+ from bug 1234976 comment 29.
Attachment #8735757 -
Flags: review+
|
|
Assignee | |
Updated•9 years ago
|
Keywords: checkin-needed
|
|
Assignee | |
Comment 2•9 years ago
|
||
attach treeherder result
https://treeherder.mozilla.org/#/jobs?repo=try&revision=3c9f5d1d727e
|
||
Comment 3•9 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/690f9c2a909b45dbbc98c3d2694a0d626edb0f5a
Bug 1260377 - Fix CDMProxy::SetServerCertificate crash since null pointer. r=cpearce
|
|
||
Updated•9 years ago
|
Flags: needinfo?(cpearce)
Priority: -- → P1
|
||
Comment 5•9 years ago
|
||
| bugherder | ||
Status: NEW → RESOLVED
Closed: 9 years ago
status-firefox48:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla48
|
|
||
Comment 6•9 years ago
|
||
Comment on attachment 8735757 [details] [diff] [review]
Fix-CDMProxy-SetServerCertificate-crash-.patch
Approval Request Comment
[Feature/regressing bug #]: EME
[User impact if declined]: Potential for some EME JavaScript players to crash if they call a function of the EME API. This function isn't used by Adobe EME, but if a site calls this regardless, we can crash (null pointer dereference, not exploitable).
[Describe test coverage new/current, TreeHerder]: We don't call this specific path, as Adobe's EME plugin and our baseline clearkey EME implementation doesn't use this function.
[Risks and why]: Low; it's just allocating a struct.
[String/UUID change made/needed]: None.
Attachment #8735757 -
Flags: approval-mozilla-aurora?
status-firefox47:
--- → affected
Comment on attachment 8735757 [details] [diff] [review]
Fix-CDMProxy-SetServerCertificate-crash-.patch
Crash fix, Aurora47+
Attachment #8735757 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
|
|
||
Comment 8•9 years ago
|
||
| bugherder uplift | ||
You need to log in
before you can comment on or make changes to this bug.
Description
•