Please update to openh264 2.0.0
Categories
(Core :: Audio/Video: GMP, task, P3)
Tracking
()
People
(Reporter: L.Bonnaud, Unassigned)
Details
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:67.0) Gecko/20100101 Firefox/67.0
Steps to reproduce:
I noticed that openh264 1.8.1 currently used by firefox 67, 68 and 69 is not built with hardening compilation options.
Version 2.0.0 is out:
https://github.com/cisco/openh264/blob/master/RELEASES
and at least enables stack protection.
Actual results:
$ hardening-check .mozilla/firefox/default.t8l/gmp-gmpopenh264/1.8.1/libgmpopenh264.so.mozilla/firefox/default.t8l/gmp-gmpopenh264/1.8.1/libgmpopenh264.so:
Position Independent Executable: no, regular shared library (ignored)
Stack protected: no, not found!
Fortify Source functions: no, only unprotected functions found!
Read-only relocations: no, not found!
Immediate binding: no, not found!
Expected results:
Example of hardened shared library:
$ hardening-check /lib/x86_64-linux-gnu/libcap.so.2
/lib/x86_64-linux-gnu/libcap.so.2:
Position Independent Executable: no, regular shared library (ignored)
Stack protected: yes
Fortify Source functions: yes (some protected functions found)
Read-only relocations: yes
Immediate binding: yes
Comment 1•5 years ago
|
||
From this comment it doesn't sound like we are interested in the new features added in OpenH264 2.0.0: https://bugzilla.mozilla.org/show_bug.cgi?id=1513000#c47, but the stack protection would be good to have, maybe even as a cherry pick on top of our current 1.8.1 build. Thanks for bringing that to our attention!
Updated•5 years ago
|
fedora 32 uses
$ rpm -ql openh264
...
/usr/lib64/libopenh264.so.2.0.0
/usr/lib64/libopenh264.so.5
$ rpm -ql gstreamer1-plugin-openh264
...
/usr/lib64/gstreamer-1.0/libgstopenh264.so```
yet firefox installs 1.8.1
```ll /home/ed/.mozilla/firefox/*/gmp-gmpopenh264/*
.../gmp-gmpopenh264/1.8.1.1:
.rwx------ ed ed 116 B Tue Nov 5 22:21:09 2019 gmpopenh264.info
.rwx------ ed ed 1.3 MB Tue Nov 5 22:21:09 2019 libgmpopenh264.so
and I get "plugin crashed" errors and this core:
Stack trace of thread 5562:
#0 0x00007fde5a62914b _ZN7mozilla3gmp8GMPChild15ProcessingErrorENS_3ipc14HasResultCodes6ResultEPKc.cold (libxul.so +>
#1 0x00007fde5ac3b8b1 _ZN7mozilla3ipc9IPCResult4FailENS_7NotNullIPNS0_9IProtocolEEEPKcS7_ (libxul.so + 0xe978b1)
#2 0x00007fde5c6079e3 _ZN7mozilla3gmp8GMPChild17AnswerStartPluginERK9nsTStringIDsE (libxul.so + 0x28639e3)
#3 0x00007fde5ad34258 _ZN7mozilla3gmp9PGMPChild14OnCallReceivedERKN3IPC7MessageERPS3_ (libxul.so + 0xf90258)
#4 0x00007fde5ac406dc _ZN7mozilla3ipc14MessageChannel24DispatchInterruptMessageEPNS0_19ActorLifecycleProxyEON3IPC7Me>
#5 0x00007fde5ac45fb5 _ZN7mozilla3ipc14MessageChannel15DispatchMessageEON3IPC7MessageE (libxul.so + 0xea1fb5)
#6 0x00007fde5ac47ca6 _ZN7mozilla3ipc14MessageChannel11MessageTask3RunEv (libxul.so + 0xea3ca6)
#7 0x00007fde5ac04c55 _ZN11MessageLoop21DeferOrRunPendingTaskEONS_11PendingTaskE (libxul.so + 0xe60c55)
#8 0x00007fde5ac093ad _ZN11MessageLoop6DoWorkEv (libxul.so + 0xe653ad)
#9 0x00007fde5abfe762 _ZN4base18MessagePumpDefault3RunEPNS_11MessagePump8DelegateE (libxul.so + 0xe5a762)
#10 0x00007fde5abff6c9 _ZN11MessageLoop3RunEv (libxul.so + 0xe5b6c9)
#11 0x00007fde5dd9885a _Z20XRE_InitChildProcessiPPcPK12XREChildData (libxul.so + 0x3ff485a)
#12 0x0000563ebc45f75b _Z20content_process_mainPN7mozilla9BootstrapEiPPc (plugin-container + 0xf75b)
#13 0x0000563ebc45f323 main (plugin-container + 0xf323)
#14 0x00007fde59850133 __libc_start_main (libc.so.6 + 0x27133)
#15 0x0000563ebc45f64e _start (plugin-container + 0xf64e)```
- Is it related to the version mismatch?
- Is it possibhle to upgrade manually to 2.0.0 by downloading a corresponding `libgmpopenh264.so` ?
- Or should I open a fedora bug instead?
Comment 3•5 years ago
|
||
Is 2.x.x going to make it for next ESR?
Comment 4•5 years ago
|
||
At this point, we're not planning to update to 2.0.0, but I suspect we'll go with 2.1.0 when one is available.
Comment 5•5 years ago
|
||
(In reply to Dan Minor [:dminor] from comment #4)
At this point, we're not planning to update to 2.0.0, but I suspect we'll go with 2.1.0 when one is available.
Well, now you guys don't have any excuse: https://github.com/cisco/openh264/commit/032f97db96827f9c4c183de5bc3794fce7b76bf6
;-)
Updated•5 years ago
|
Updated•3 years ago
|
Description
•