Closed
Bug 1462188
Opened 7 years ago
Closed 27 days ago
nestegg: unsigned integer overflow in [@ ne_read_int]
Categories
(Core :: Audio/Video: Playback, defect, P3)
Tracking
()
RESOLVED
FIXED
| Tracking | Status | |
|---|---|---|
| firefox151 | --- | fixed |
People
(Reporter: tsmith, Assigned: kinetik)
References
Details
(Keywords: testcase)
Attachments
(1 file)
9.61 KB, video/webm
nestegg (test) was built using the following config command:
CFLAGS="-fsanitize=integer" CC=clang ./configure --enable-static --disable-shared
src/nestegg.c:758:17: runtime error: unsigned integer overflow: 41891 - 65536 cannot be represented in type 'unsigned long'
#0 0x504898 in ne_read_int /home/user/code/nestegg/src/nestegg.c:758:17
#1 0x504898 in ne_read_block /home/user/code/nestegg/src/nestegg.c:1444
#2 0x4ffa97 in nestegg_read_packet /home/user/code/nestegg/src/nestegg.c:2769:11
#3 0x4eaa88 in main /home/user/code/nestegg/test/test.c:231:10
#4 0x7fc0f33af82f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
#5 0x418928 in _start (nestegg/test+0x418928)
Flags: in-testsuite?
Updated•7 years ago (Assignee)
Assignee: nobody → kinetik
Comment 1•7 years ago (Assignee)
As with bug 1462189 comment 1, this is expected (and not s-s) as we're relying on the defined modulo behaviour of unsigned types, so I think the only fix needed here is if we can mark it explicitly to avoid triggering the sanitizer.
Group: media-core-security
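The pattern discussed in comment 1, as an added example (not nestegg's code and not part of the bug thread): sign-extending a big-endian integer by unsigned subtraction, once marked with Clang's `no_sanitize("unsigned-integer-overflow")` attribute and once rewritten so that no wrap occurs. The function names and the two-byte sample, constructed to reproduce the 41891 - 65536 values from the sanitizer report above, are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Clang-only: exempt one function from the unsigned-wrap check. */
#if defined(__clang__)
#define ALLOW_UNSIGNED_WRAP __attribute__((no_sanitize("unsigned-integer-overflow")))
#else
#define ALLOW_UNSIGNED_WRAP
#endif

/* Read `length` (1..8) big-endian bytes into an unsigned value. */
static uint64_t read_be(const uint8_t *p, size_t length)
{
  uint64_t v = 0;
  for (size_t i = 0; i < length; i++)
    v = (v << 8) | p[i];
  return v;
}

/* Variant A: sign-extend by unsigned subtraction; wraps modulo 2^64 by design. */
ALLOW_UNSIGNED_WRAP
static int decode_int_wrap(const uint8_t *p, size_t length, int64_t *out)
{
  if (length < 1 || length > 8) return -1;
  uint64_t uval = read_be(p, length), base = 0;
  if (length < 8 && uval >= ((uint64_t)1 << (length * 8 - 1)))
    base = (uint64_t)1 << (length * 8);
  *out = (int64_t)(uval - base);  /* e.g. 41891 - 65536 wraps, then reads as -23645 */
  return 0;
}

/* Variant B: same result with no wrapping subtraction, so nothing to annotate. */
static int decode_int_nowrap(const uint8_t *p, size_t length, int64_t *out)
{
  if (length < 1 || length > 8) return -1;
  uint64_t uval = read_be(p, length);
  uint64_t sign = (uint64_t)1 << (length * 8 - 1);
  *out = (length == 8 || uval < sign) ? (int64_t)uval
       : -(int64_t)(((uint64_t)1 << (length * 8)) - uval);
  return 0;
}

int main(void)
{
  const uint8_t sample[2] = { 0xA3, 0xA3 };  /* constructed input: 0xA3A3 == 41891 */
  int64_t a = 0, b = 0;
  if (decode_int_wrap(sample, 2, &a) || decode_int_nowrap(sample, 2, &b)) return 1;
  printf("wrap=%lld nowrap=%lld\n", (long long)a, (long long)b);
  return 0;
}
```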
Updated•7 years ago
Priority: -- → P3
Updated•3 years ago
Severity: normal → S3
Comment 2•1 month ago (Assignee)
Fix will land via bug 1463586.
Status: NEW → ASSIGNED
Depends on: 1463586
Updated•27 days ago (Assignee)
Status: ASSIGNED → RESOLVED
Closed: 27 days ago
status-firefox151: --- → fixed
Resolution: --- → FIXED
Version: unspecified → Firefox 151
Updated•7 days ago
QA Whiteboard: [qa-triage-done-c152/b151]