1427150 - When building against pulseaudio >= 2.0, the resulting build does a buffer overflow read with pulseaudio < 2.0

Status: RESOLVED FIXED

Description

[Mike Hommey [:glandium]]

I know these are old versions of pulseaudio, but as a matter of fact, ubuntu 12.04 is on 1.1, so this is not entirely an hypothetical problem.

We're currently saved because what we ship is built against pulseaudio 0.9.something, which doesn't enable the code that will do the buffer overflow read.

Comment 1

[Mike Hommey [:glandium]]

To make things clearer, this is a problem with the C pulseaudio backend, not with the rust one.

Comment 2

[Mike Hommey [:glandium]]

Oh, and I should mention, the reason this is a going to be a problem is that bug 1399679 is going to change the build environment we use to build Firefox, and that will be using pulseaudio 2.0 headers, which enable the code doing the buffer overflow read.

Comment 3

[Mike Hommey [:glandium]]

Attachment: Bug 1427150 - Update cubeb from upstream to 43e15fc.

The code reading that field is build-time protected, so as long as the
runtime pulseaudio version is greater than the one used at build-time,
we're good. And as of now, the build-time version is 0.9.something, from
our Centos 6 build environment.

In bug 1399679, we're going to switch the build environment to Debian
Wheezy, which comes with pulseaudio 2.0 headers, enabling that code.
This means running the official Firefox on e.g. Ubuntu 12.04, which has
1.1, would read past the end of the pa_sink_port_info, possibly leading
to random behavior with port availability.

Review commit: https://reviewboard.mozilla.org/r/209380/diff/#index_header
See other reviews: https://reviewboard.mozilla.org/r/209380/

Comment 4

[Mike Hommey [:glandium]]

Sent upstream: https://github.com/kinetiknz/cubeb/pull/396

Comment 5

[Mike Hommey [:glandium]]

Attachment: Bug 1427150 - Don't get some default sink info based on the pa_sink_info build-time size.

The build-time pa_sink_info might not have the same size as the at run
time. This especially becomes a problem when the struct is larger at
build-time, since we copy its content for the default sink info.

However, we don't need most of the data in there, so create a new struct
holding what we do need, and copy that. This new struct has a constant
size across versions of pulseaudio.

Review commit: https://reviewboard.mozilla.org/r/209392/diff/#index_header
See other reviews: https://reviewboard.mozilla.org/r/209392/

Comment 6

[Dan Glastonbury (:kamidphish) | JuryDuty 20 May - 31 May | needinfo me]

Comment on attachment 8938924 [details]
Bug 1427150 - Don't get some default sink info based on the pa_sink_info build-time size.

https://reviewboard.mozilla.org/r/209392/#review215150

Thanks.

Comment 7

[Dan Glastonbury (:kamidphish) | JuryDuty 20 May - 31 May | needinfo me]

Comment on attachment 8938914 [details]
Bug 1427150 - Update cubeb from upstream to 43e15fc.

https://reviewboard.mozilla.org/r/209380/#review215152

Comment 8

[Mike Hommey [:glandium]]

Comment on attachment 8938914 [details]
Bug 1427150 - Update cubeb from upstream to 43e15fc.

Review request updated; see interdiff: https://reviewboard.mozilla.org/r/209380/diff/1-2/

Comment 9

[Mike Hommey [:glandium]]

As this was merged upstream just on top of what was already the commit used in mozilla-central, I replaced the two patches here with a "Update cubeb from upstream to 43e15fc" that has the same changes, plus an update of README_MOZILLA for the git sha1.

Comment 10

[Pulsebot]

Pushed by mh@glandium.org:
https://hg.mozilla.org/integration/autoland/rev/69f9bc50da95
Update cubeb from upstream to 43e15fc. r=kamidphish

Comment 11

[Andreea Pavel [:apavel]]

https://hg.mozilla.org/mozilla-central/rev/69f9bc50da95