Closed Bug 1342730 Opened 3 years ago Closed 3 years ago
MIPS cpu detection code in libyuv is buggy
Caused by the libyuv import in bug 1341543 While it's possible that no real MIPS CPU Firefox runs on would trigger it, the cpu_id code in libyuv has a bug that can cause null derefs or a UAF. These only apply if the CPU does not support either MSA or DSPR2. It opens /proc/cpuinfo, and then fgets() from it. It will null-deref if the file doesn't open, and the default ASE doesn't include MSA or DSPR2. It will UAF if the file opens, and the ASEs implemented line doesn't include MSA or DSPR2.
Attachment #8841298 - Flags: review?(sotaro.ikeda.g)
https://bugs.chromium.org/p/libyuv/issues/detail?id=687 There's no way for external people to submit hidden sec issues ...
Attachment #8841298 - Flags: review?(sotaro.ikeda.g) → review+
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.