Closed
Bug 1486030
Opened 6 years ago
Closed 6 years ago
VideoBridgeParent::AllocPTextureParent doesn't handle failures in TextureHost::CreateIPDLActor
Categories
(Core :: Graphics: Layers, defect, P3)
Core
Graphics: Layers
Tracking
()
RESOLVED
FIXED
mozilla63
| Tracking | Status | |
|---|---|---|
| firefox63 | --- | fixed |
People
(Reporter: Alex_Gaynor, Assigned: nical)
References
(Blocks 1 open bug)
Details
(Whiteboard: gfx-noted)
Attachments
(1 file)
This was found with IPC fuzzer:
https://searchfox.org/mozilla-central/source/gfx/layers/ipc/VideoBridgeParent.cpp#65-67
There are various ways that TextureHost::CreateIPDLActor can fail based on data provided. When a nullptr is inserted into mTextureMap, things will later try to dereference it.
This isn't a security issue, but rather a fuzzing efficiency issue.
I believe what needs to be done is to add an |if (!parent) { return nullptr; }| to
VideoBridgeParent::AllocPTextureParent.
|
Assignee | |
Comment 1•6 years ago
|
||
Makes sense. If we return a null actor in an AllocPFoo function it'll generate an error and kill the child process which is probably the best outcome if the parent is unable keep up with the child.
Priority: -- → P3
Whiteboard: gfx-noted
|
|
Assignee | |
Comment 2•6 years ago
|
||
|
||
Comment 3•6 years ago
|
||
Comment on attachment 9004170 [details]
Bug 1486030 - Don't keep a null texture in the video bridge texture map. r=sotaro
Sotaro Ikeda [:sotaro PTO 31/Aug-7/Sep] has approved the revision.
Attachment #9004170 -
Flags: review+
Pushed by nsilva@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/a22894e14cc6
Don't keep a null texture in the video bridge texture map. r=sotaro
|
||
Comment 5•6 years ago
|
||
| bugherder | ||
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla63
|
||
Updated•6 years ago
|
Assignee: nobody → nical.bugzilla
You need to log in
before you can comment on or make changes to this bug.
Description
•