Closed Bug 1348931 Opened 3 years ago Closed 3 years ago
Possible integer overflow in allocation size in Silent
Are the values multiplied here controlled by content? http://searchfox.org/mozilla-central/rev/557f236c19730116d3bf53c0deef36362cafafcd/dom/media/mediasink/DecodedAudioDataSink.cpp#269-270 If so, it might lead to integer overflow and potential security issues.
I just found this as well (because of the static analysis in bug 1279569), but I don't see the code being used anywhere. The integer overflow here would lead to partial uninitialized data in mData.
I will remove the dead code.
Assignee: nobody → jwwang
Component: Audio/Video → Audio/Video: Playback
Attachment #8849812 - Flags: review?(gsquelart) → review+
Whiteboard: [adv-main55-] → [adv-main55-][post-critsmash-triage]
You need to log in before you can comment on or make changes to this bug.