Closed
Bug 1479611
Opened 7 years ago
Closed 5 years ago
Malformed range response hang whole browser
Categories
(Firefox for Android Graveyard :: Audio/Video, defect)
Tracking
(Not tracked)
RESOLVED
WORKSFORME
People
(Reporter: s.h.h.n.j.k, Unassigned)
Details
(Keywords: csectype-dos, hang, sec-low)
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.75 Safari/537.36
Steps to reproduce:
1. Go to https://test.shhnjk.com/hls/hang.html
Actual results:
Browser hangs. No matter what you do (close the tab, go to Android home and come back, etc.), it remains hung and the user can't do anything until the user restarts the browser (by swiping out the browser view).
Expected results:
Nothing. There seems to be a problem when the HLS manifest responds with a malformed range response (redirect). Not sure if this is a security issue. Feel free to remove the restriction.
Comment 1•7 years ago
More fun with HLS. :padenot, can you take a look and triage as appropriate? Feel free to ping me or someone else if you're confident this doesn't need to be sec-sensitive. CC'ing some more folks who've had occasion to look at this recently in case they want to jump in / know anything about what might cause this given the intersection with networking.
Flags: needinfo?(padenot)
Comment 2•7 years ago
I can repro this on release. It would be nice to be able to profile the java code, but I don't know how.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: needinfo?(padenot)
Comment 3•7 years ago
Or even break in a debugger I suppose. This is all pretty opaque.
Comment 4•7 years ago
(In reply to Paul Adenot (:padenot) from comment #2)
> I can repro this on release. It would be nice to be able to profile the java
> code, but I don't know how.
There is tooling for doing this inside Android Studio, and it should "mostly work" with Firefox for Android... but I think you're better off collaborating with a GV developer (snorp, jchen, or droeh) who has expertise in this area and can do the first bits.
> Or even break in a debugger I suppose. This is all pretty opaque.
The Java debugger works very well in Android Studio. The mixed (Java and native) debugger I haven't tried in some time. There's definitely work required to configure the native symbols in Android Studio, but it "mostly worked" when I tried last.
Updated•7 years ago
Group: firefox-core-security → mobile-core-security
Comment 5•5 years ago
No hang on current Firefox for Android or Fenix builds, although we are not getting a playable element here.
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → WORKSFORME
Updated•5 years ago
Product: Firefox for Android → Firefox for Android Graveyard
Updated•2 years ago
Group: mobile-core-security