Closed
Bug 1313527
Opened 8 years ago
Closed 8 years ago
red parser goes into endless loop on broken SDP
Categories
(Core :: WebRTC: Signaling, defect, P1)
Tracking
()
RESOLVED
FIXED
mozilla52
| | Tracking | Status |
|---|---|---|
| firefox49 | --- | unaffected |
| firefox-esr45 | --- | unaffected |
| firefox50 | --- | fixed |
| firefox51 | --- | fixed |
| firefox52 | --- | fixed |

backlog: webrtc/webaudio+
People
(Reporter: drno, Assigned: drno)
References
Details
(Keywords: csectype-dos, regression)
Attachments
(1 file)
58 bytes, text/x-review-board-request
mjf: review+
ritu: approval-mozilla-aurora+
ritu: approval-mozilla-beta+
No description provided.
Assignee | ||
Updated•8 years ago
|
backlog: --- → webrtc/webaudio+
Rank: 10
status-firefox49:
--- → unaffected
status-firefox50:
--- → affected
status-firefox51:
--- → affected
status-firefox52:
--- → affected
status-firefox-esr45:
--- → unaffected
Comment hidden (mozreview-request) |
Comment 2•8 years ago
|
||
mozreview-review |
Comment on attachment 8805313 [details] Bug 1313527: exit red parser loop if stroul failed.
https://reviewboard.mozilla.org/r/89058/#review88262
::: media/webrtc/signaling/test/sdp_unittests.cpp:444 (Diff revision 1)
> > TEST_F(SdpTest, parseRtcpFbFooBarBaz) { > ParseSdp(kVideoSdp + "a=rtcp-fb:120 foo bar baz\r\n"); > } > > +static const std::string kVideoSdpWithUnknonwBrokenFtmp =
typo Unknonw should be Unknown
Comment 3•8 years ago
|
||
mozreview-review |
Comment on attachment 8805313 [details] Bug 1313527: exit red parser loop if stroul failed. https://reviewboard.mozilla.org/r/89058/#review88270 One nit, otherwise good.
Attachment #8805313 -
Flags: review?(mfroman) → review+
Comment hidden (mozreview-request) |
Pushed by drno@ohlmeier.org: https://hg.mozilla.org/integration/autoland/rev/aeb0df69182a exit red parser loop if stroul failed. r=mjf
Assignee | ||
Comment 6•8 years ago
|
||
Comment on attachment 8805313 [details] Bug 1313527: exit red parser loop if stroul failed.

Approval Request Comment
[Feature/regressing bug #]: Bug 1275360 added support for parsing red, which has a problem.
[User impact if declined]: Firefox users who use WebRTC services or connect to WebRTC devices which send broken SDP to Firefox can cause Firefox's main thread to enter an endless loop from which the user can only terminate Firefox via the OS.
[Describe test coverage new/current, TreeHerder]: The patch contains a new unit test which shows that there is no longer an endless loop.
[Risks and why]: The risk is pretty low as it only sets an additional exit criterion from a loop which should only be entered in rare corner cases.
[String/UUID change made/needed]: N/A
Attachment #8805313 -
Flags: approval-mozilla-beta?
Attachment #8805313 -
Flags: approval-mozilla-aurora?
Comment 7•8 years ago
|
||
Note: this could be used to trivially DOS the browser (though I'm sure there are other ways to do so easily).
Keywords: csectype-dos
Comment 8•8 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/aeb0df69182a
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla52
Comment on attachment 8805313 [details] Bug 1313527: exit red parser loop if stroul failed. Fixes a hang (and see comment 7) with invalid SDP, Aurora51+, Beta50+
Attachment #8805313 -
Flags: approval-mozilla-beta?
Attachment #8805313 -
Flags: approval-mozilla-beta+
Attachment #8805313 -
Flags: approval-mozilla-aurora?
Attachment #8805313 -
Flags: approval-mozilla-aurora+
https://hg.mozilla.org/releases/mozilla-beta/rev/207127298f7a26e48f553be88499ae043b3c1c35
https://hg.mozilla.org/releases/mozilla-release/rev/207127298f7a26e48f553be88499ae043b3c1c35
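
The bug class behind this fix, as an added example that is not part of the bug report or the Firefox patch: a constructed C parser for a '/'-separated payload-type list, showing a loop that never terminates when `strtoul` consumes no digits beside one that treats a failed conversion as an exit condition. The function names, the iteration budget and the 0-127 range check are assumptions made for the illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>

/* Constructed illustration; not the Firefox SDP parser. Both functions walk
 * a '/'-separated list of payload types such as "120/121". */

/* Unchecked shape: when strtoul() finds no digits it returns 0 and sets
 * end == s, so the cursor never moves. 'budget' bounds the loop so the
 * hang can be observed; returns -2 when the budget runs out. */
int parse_unchecked(const char *s, int budget)
{
    int n = 0;
    while (*s != '\0') {
        char *end;
        if (budget-- <= 0)
            return -2;                 /* would have spun forever */
        (void)strtoul(s, &end, 10);
        n++;
        s = (*end == '/') ? end + 1 : end;
    }
    return n;
}

/* Checked shape: a failed conversion is an exit condition. Returns the
 * number of payload types stored in out, or -1 on malformed input. */
int parse_checked(const char *s, unsigned char *out, size_t cap)
{
    size_t n = 0;
    while (*s != '\0') {
        char *end;
        unsigned long pt;
        errno = 0;
        pt = strtoul(s, &end, 10);
        if (end == s || errno == ERANGE || pt > 127 || n == cap)
            return -1;                 /* no digits, overflow, bad PT, full */
        out[n++] = (unsigned char)pt;
        if (*end == '/' && end[1] != '\0')
            end++;                     /* step over the separator */
        else if (*end != '\0')
            return -1;                 /* junk or trailing '/' */
        s = end;
    }
    return (int)n;
}
```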