Closed Bug 1260377 Opened 4 years ago Closed 4 years ago

Fix CDMProxy::SetServerCertificate null dereference to avoid crashing

Categories

(Core :: Audio/Video: Playback, defect, P1)

defect

Tracking

()

RESOLVED FIXED
mozilla48
Tracking Status
firefox47 --- fixed
firefox48 --- fixed

People

(Reporter: JamesCheng, Assigned: JamesCheng)

Details

(Keywords: crash)

Attachments

(1 file)

CDMProxy::SetServerCertificate forgets to malloc before using.
Quick fix this potential crash issue.

https://dxr.mozilla.org/mozilla-central/rev/63be002b4a803df1122823841ef7633b7561d873/dom/media/eme/CDMProxy.cpp#337
Keywords: checkin-needed
Will want to uplift this.
Flags: needinfo?(cpearce)
Keywords: checkin-needed
Flags: needinfo?(cpearce)
Priority: -- → P1
Keywords: crash
https://hg.mozilla.org/mozilla-central/rev/690f9c2a909b
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla48
Comment on attachment 8735757 [details] [diff] [review]
Fix-CDMProxy-SetServerCertificate-crash-.patch

Approval Request Comment
[Feature/regressing bug #]: EME
[User impact if declined]: Potential for some EME JavaScript players to crash if they call a function of the EME API. This function isn't used by Adobe EME, but if a site calls this regardless, we can crash (null pointer dereference, not exploitable).
[Describe test coverage new/current, TreeHerder]: We don't call this specific path, as Adobe's EME plugin and our baseline clearkey EME implementation doesn't use this function.
[Risks and why]: Low; it's just allocating a struct.
[String/UUID change made/needed]: None.
Attachment #8735757 - Flags: approval-mozilla-aurora?
Comment on attachment 8735757 [details] [diff] [review]
Fix-CDMProxy-SetServerCertificate-crash-.patch

Crash fix, Aurora47+
Attachment #8735757 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
You need to log in before you can comment on or make changes to this bug.