Closed Bug 1423916 Opened 7 years ago Closed 7 years ago

Crash in webrtc::Deinterleave<T>

Categories

(Core :: WebRTC: Audio/Video, defect, P1)

Product:
Core
Component:
WebRTC: Audio/Video
Version:
59 Branch
Platform:
Unspecified
Windows 10
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla59
Tracking Flags:
Tracking Status
firefox-esr52 --- unaffected
firefox57 --- unaffected
firefox58 --- unaffected
firefox59 --- fixed

People

(Reporter: calixte, Assigned: padenot)

References

(Blocks 1 open bug)

Details

(5 keywords, Whiteboard: [clouseau])

Crash Data

This bug was filed from the Socorro interface and is report bp-5c6ef9bc-50a2-4f76-98e7-8f2ca0171207. ============================================================= Top 10 frames of crashing thread: 0 xul.dll webrtc::Deinterleave<float> media/webrtc/trunk/webrtc/common_audio/include/audio_util.h:96 1 xul.dll mozilla::MediaEngineWebRTCMicrophoneSource::PacketizeAndProcess dom/media/webrtc/MediaEngineWebRTCAudio.cpp:862 2 xul.dll mozilla::WebRTCAudioDataListener::NotifyInputData dom/media/webrtc/MediaEngineWebRTC.h:391 3 xul.dll mozilla::AudioCallbackDriver::DataCallback dom/media/GraphDriver.cpp:928 4 xul.dll cubeb_resampler_speex<float, cubeb_resampler_speex_one_way<float>, delay_line<float> >::fill_internal_duplex media/libcubeb/src/cubeb_resampler.cpp:242 5 xul.dll `anonymous namespace'::refill media/libcubeb/src/cubeb_wasapi.cpp:564 6 xul.dll `anonymous namespace'::refill_callback_duplex media/libcubeb/src/cubeb_wasapi.cpp:763 7 xul.dll `anonymous namespace'::wasapi_stream_render_loop media/libcubeb/src/cubeb_wasapi.cpp:970 8 ucrtbase.dll __crt_stdio_output::crop_zeroes 9 kernel32.dll BaseThreadInitThunk ============================================================= There is 1 crash in nightly 59 with buildid 20171206221407. In analyzing the backtrace, the regression may have been introduced by patch [1] to fix bug 1397793. [1] https://hg.mozilla.org/mozilla-central/rev/0107b3feb84b
Flags: needinfo?(padenot)
Rank: 10
Priority: -- → P2
Write to wildptr address (or maybe bounds) -> sec-high
Group: media-core-security
Rank: 10 → 5
Keywords: csectype-bounds, csectype-wildptr, sec-high
Priority: P2 → P1
Fixed in https://reviewboard.mozilla.org/r/206292/diff/1-2/, that has landed on central.
Status: NEW → RESOLVED
Closed: 7 years ago
Flags: needinfo?(padenot)
Resolution: --- → FIXED
Group: media-core-security → core-security-release
Assignee: nobody → padenot
status-firefox59: affectedfixed
Target Milestone: --- → mozilla59
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.