Crash [@ strcasecmp_l ] and [@ npdsplay.dll@0x1e9a3 ]

RESOLVED FIXED

Status

--
critical
RESOLVED FIXED
9 years ago
2 years ago

People

(Reporter: cbook, Unassigned)

Tracking

(Blocks: 1 bug, {crash, testcase})

Details

(Whiteboard: [sg:dos null-deref][crashkill][crashkill-automation], crash signature, URL)

Attachments

(1 attachment)

(Reporter)

Description

9 years ago
Steps to reproduce:

-> Load http://brasilia.jovempanfm.virgula.uol.com.br/estudio/player.php?video%3Dmms%3A//server10.virgula.com.br/jpfmaudios/giveituptome.wma
--> Crashes on load on Windows/Mac 1.9.1/1.9.2/Trunk Builds opt/debug

Debug Builds show no indication why it crashed - only For video/x-ms-wmv found plugin npdsplay.dll - marking as sg since !exploitable did not fire 

Mac Crash Id:  http://crash-stats.mozilla.com/report/index/22f5be9b-938e-4dd4-8886-873752100123 - [@ strcasecmp_l ]
Windows: http://crash-stats.mozilla.com/report/index/34e10cca-6b5c-42bf-9d58-df24b2100123 -  [@ npdsplay.dll@0x1e9a3 ]  

Nominating for 1.9.2.1 in case it's something we can fix.
(Reporter)

Updated

9 years ago
blocking1.9.1: --- → ?
blocking1.9.2: --- → ?
blocking2.0: --- → ?
(Reporter)

Comment 1

9 years ago
Created attachment 423187 [details]
zipped source of the crashing page - crashes on load as local testcase
(Reporter)

Updated

9 years ago
Keywords: testcase

Comment 2

9 years ago
This looks a lot like Bug 512387

Comment 3

This doesn't look like something we can fix, if it's crashing that deep into the plugin. We should report it to the vendors though.
blocking1.9.1: ? → ---
blocking1.9.2: ? → ---
blocking2.0: ? → ---
Whiteboard: [crashkill][crashkill-automation] → [sg:vector][crashkill][crashkill-automation]
(Reporter)

Comment 4

9 years ago
(In reply to comment #3)
> This doesn't look like something we can fix, if it's crashing that deep into
> the plugin. We should report it to the vendors though.

Informed MS and Flip4Mac on Jan 27!
(Reporter)

Comment 5

9 years ago
(In reply to comment #4)
> informed MS and Flip4Mac on Jan 27!

Reply from MSRC today:

Hello Carsten,

We have done our investigation and from all indications we believe this to be a null pointer deref which we are unable to find a way to exploit. If you have any information that would indicate otherwise please let me know and we will take the needed action. Currently we are going to slate this for a next version fix. Please let me know if you have any questions or concerns with the outcome of our investigation.

Best Regards,
Charles [cw]

Updated

9 years ago
Group: core-security
Whiteboard: [sg:vector][crashkill][crashkill-automation] → [crashkill][crashkill-automation]

Comment 6

If this is a plugin bug to be fixed in the next release is there a benefit to keeping the bug open on our end?
Whiteboard: [crashkill][crashkill-automation] → [sg:dos null-deref][crashkill][crashkill-automation]
(Reporter)

Comment 7

9 years ago
(In reply to comment #6)
> If this is a plugin bug to be fixed in the next release is there a benefit to
> keeping the bug open on our end?

I think we can close the bug (maybe as invalid), since it's a 3rd party issue -> plugin here.

Updated

9 years ago
Component: Plug-ins → Windows Media Player (Microsoft)
Product: Core → Plugins
QA Contact: plugins → microsoft-wmp
Version: Trunk → unspecified
(Assignee)

Updated

7 years ago
Crash Signature: [@ strcasecmp_l ] [@ npdsplay.dll@0x1e9a3 ]

Comment 8

7 years ago
Could not reproduce with Beta/11, Aurora/12, Nightly/13. Considering the age of this bug and the updates since then I think this was fixed by MS.
Status: NEW → RESOLVED
Crash Signature: [@ strcasecmp_l ] [@ npdsplay.dll@0x1e9a3 ] → [@ strcasecmp_l ] [@ npdsplay.dll@0x1e9a3 ]
Last Resolved: 7 years ago
Resolution: --- → FIXED
(Assignee)

Updated

2 years ago
Product: Plugins → Plugins Graveyard