Closed Bug 1269768 Opened 8 years ago Closed 8 years ago

Assertion '*pkt_block_additional == ((void*)0)' failed [@ne_read_block_additions]

Categories

(Core :: Audio/Video: Playback, defect, P2)

Product:
Core
Component:
Audio/Video: Playback
Version:
49 Branch
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla49
Tracking Flags:
Tracking Status
firefox49 --- fixed

People

(Reporter: tsmith, Assigned: kinetik)

References

Details

(Keywords: assertion, testcase)

Attachments

(2 files)

test_case.webm
401 bytes, video/webm
Details
fix
84 bytes, text/plain
rillian
: review+
Details
Attached video test_case.webm 
I found this while fuzzing nestegg commit 046e10f7607f943e5889c05fd6c7ab8bc2c614a3

Running the attached test case in a debug build will trigger the following assertion:

test: src/nestegg.c:1408: int ne_read_block_additions(nestegg *, uint64_t, uint64_t, struct block_additional **): Assertion `*pkt_block_additional == ((void*)0)' failed.

#0  0x00007ffff6f05cc9 in __GI_raise (sig=sig@entry=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007ffff6f090d8 in __GI_abort () at abort.c:89
#2  0x00007ffff6efeb86 in __assert_fail_base (
    fmt=0x7ffff704f830 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", 
    assertion=assertion@entry=0x50ed40 <.str> "*pkt_block_additional == ((void*)0)", 
    file=file@entry=0x50cee0 <.str.4> "src/nestegg.c", line=line@entry=1408, 
    function=function@entry=0x50eda0 <__PRETTY_FUNCTION__.ne_read_block_additions> "int ne_read_block_additions(nestegg *, uint64_t, uint64_t, struct block_additional **)")
    at assert.c:92
#3  0x00007ffff6efec32 in __GI___assert_fail (
    assertion=0x50ed40 <.str> "*pkt_block_additional == ((void*)0)", 
    file=0x50cee0 <.str.4> "src/nestegg.c", line=1408, 
    function=0x50eda0 <__PRETTY_FUNCTION__.ne_read_block_additions> "int ne_read_block_additions(nestegg *, uint64_t, uint64_t, struct block_additional **)") at assert.c:101
#4  0x00000000004f1252 in ne_read_block_additions (ctx=<optimized out>, 
    block_id=<optimized out>, block_size=<optimized out>, 
    pkt_block_additional=<optimized out>) at src/nestegg.c:1408
#5  nestegg_read_packet (ctx=<optimized out>, pkt=<optimized out>) at src/nestegg.c:2477
The parser is seeing multiple BlockAdditions elements, but we only expect one.  The assert needs to be converted into an error return indicating the file is invalid.
Assignee: nobody → kinetik
Attached file fix 

        Attachment #8754623 -
        Flags: review?(giles)

    
  
Status: NEW → ASSIGNED

        Attachment #8754623 -
        Flags: review?(giles) → review+

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/7ec3b365c990
Status: ASSIGNED → RESOLVED
Closed: 8 years ago

          status-firefox49:
          affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla49

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: