Closed Bug 1480090 Opened 6 years ago Closed 6 years ago

WebRTC: Type Confusion when processing H264 NAL packet

Categories

(Core :: WebRTC: Audio/Video, defect, P2)

Tracking

RESOLVED FIXED
mozilla65
Tracking Status
firefox-esr52 --- unaffected
firefox-esr60 --- unaffected
firefox62 --- unaffected
firefox63 --- wontfix
firefox64 --- wontfix
firefox65 --- fixed

People

(Reporter: posidron, Assigned: dminor)

Details

(Keywords: sec-high, Whiteboard: [post-critsmash-triage][adv-main65+])

From Google's Project Zero: WebRTC: Type Confusion when processing H264 NAL packet https://bugs.chromium.org/p/project-zero/issues/detail?id=1571
This is Chrome bug https://bugs.chromium.org/p/chromium/issues/detail?id=840536
The patch appears to be https://webrtc.googlesource.com/src.git/+/09133af36fba93691a22151765097c0bd581c1fa
Are we affected by this one? I know we use OpenH264, but maybe this is during the transmission and not decoding?
Group: core-security → media-core-security
Flags: needinfo?(drno)
I don't see any of the affected code being used in Firefox now. Which is probably because we are still using webrtc.org version 57. So I would say we are not affected. One question is if we are going to be affected with the upcoming update to webrtc.org version 64.
Flags: needinfo?(drno)
Dan, can you please check whether, through the update to webrtc.org 64, we are going to be affected by this issue?
Flags: needinfo?(dminor)
We will be affected by this after the 64 update. The upstream patch is only two lines; I can cherry-pick it for the update with no problems.
Flags: needinfo?(dminor)
Calling this sec-high assuming we planned to take the webrtc-64 update in fx63. Please make this "block" the update bug.
It's more likely that the webrtc.org 64 update will land in fx64. I'm still working through test failures and have not begun asking for reviews yet.
Blocks: 1376873
Assignee: nobody → dminor
Rank: 15
Priority: -- → P2
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Group: media-core-security → core-security-release
Target Milestone: --- → mozilla65
No longer blocks: 1376873
Depends on: 1376873
Flags: qe-verify-
Whiteboard: [post-critsmash-triage]
Whiteboard: [post-critsmash-triage] → [post-critsmash-triage][adv-main65+]
Group: core-security-release