558772 - Reproducible WMV crash [@ strcasecmp_l] [@ Flip4Mac WMV Plugin@0x5556]

Status: RESOLVED INCOMPLETE

(External Software Affecting Firefox :: Other, defect)

Description

[timeless]

+++ This bug was initially created as a clone of Bug #512387 +++

Created an attachment (id=396366)
wget'd page zipped

Load the url provided and crash. 1.9.0, 1.9.1, and 1.9.2 also crash.

reproducible on Mac
Product    Firefox Version    3.5.3pre
Build ID    20090821030839

http://crash-stats.mozilla.com/report/index/7094ff7d-876a-4fc7-9dc7-4b7ea2090824

0      libSystem.B.dylib      strcasecmp_l      
1     libSystem.B.dylib     strcasecmp     
2     Flip4Mac WMV Plugin     Flip4Mac WMV Plugin@0x5556     
3     Flip4Mac WMV Plugin     Flip4Mac WMV Plugin@0x56f1     
4     Flip4Mac WMV Plugin     Flip4Mac WMV Plugin@0x5d91     
5     XUL     nsNPAPIPluginInstance::InitializePlugin    
modules/plugin/base/src/nsNPAPIPluginInstance.cpp:1030
6     XUL     nsPluginHostImpl::TrySetUpPluginInstance    
modules/plugin/base/src/nsPluginHostImpl.cpp:3872
7     XUL     nsPluginHostImpl::SetUpPluginInstance    
modules/plugin/base/src/nsPluginHostImpl.cpp:3670
8     XUL     nsPluginHostImpl::InstantiateEmbeddedPlugin    
modules/plugin/base/src/nsPluginHostImpl.cpp:3361
9     XUL     nsPluginStreamListenerPeer::OnStartRequest    
modules/plugin/base/src/nsPluginHostImpl.cpp:2025
10     XUL     nsObjectLoadingContent::OnStartRequest    
content/base/src/nsObjectLoadingContent.cpp:608
11     XUL     NS_InvokeByIndex_P    
xpcom/reflect/xptcall/src/md/unix/xptcinvoke_unixish_x86.cpp:179
12     XUL     XPCWrappedNative::CallMethod    
js/src/xpconnect/src/xpcwrappednative.cpp:2454
13     XUL     XPC_WN_CallMethod    
js/src/xpconnect/src/xpcwrappednativejsops.cpp:1590
14     libmozjs.dylib     js_Invoke     js/src/jsinterp.cpp:1386
15     libmozjs.dylib     js_Interpret     js/src/jsinterp.cpp:5179
16     libmozjs.dylib     js_Invoke     js/src/jsinterp.cpp:1394
17     XUL     nsXPCWrappedJSClass::CallMethod    
js/src/xpconnect/src/xpcwrappedjsclass.cpp:1697
18     XUL     nsXPCWrappedJS::CallMethod    
js/src/xpconnect/src/xpcwrappedjs.cpp:569
19     XUL     PrepareAndDispatch    
xpcom/reflect/xptcall/src/md/unix/xptcstubs_unixish_x86.cpp:93
20     XUL     PrepareAndDispatch     
21     XUL     nsHttpChannel::CallOnStartRequest    
netwerk/protocol/http/src/nsHttpChannel.cpp:846
22     XUL     nsHttpChannel::ProcessNormal    
netwerk/protocol/http/src/nsHttpChannel.cpp:1128
23     XUL     nsHttpChannel::ProcessResponse    
netwerk/protocol/http/src/nsHttpChannel.cpp:997
24     XUL     nsHttpChannel::OnStartRequest    
netwerk/protocol/http/src/nsHttpChannel.cpp:4868
25     XUL     nsInputStreamPump::OnStateStart    
netwerk/base/src/nsInputStreamPump.cpp:439
26     XUL     nsInputStreamPump::OnInputStreamReady    
netwerk/base/src/nsInputStreamPump.cpp:395
27     XUL     nsInputStreamReadyEvent::Run     xpcom/io/nsStreamUtils.cpp:111
28     XUL     nsThread::ProcessNextEvent     xpcom/threads/nsThread.cpp:510
29     XUL     NS_ProcessPendingEvents_P     nsThreadUtils.cpp:180
30     XUL     nsBaseAppShell::NativeEventCallback    
widget/src/xpwidgets/nsBaseAppShell.cpp:121
31     XUL     nsAppShell::ProcessGeckoEvents    
widget/src/cocoa/nsAppShell.mm:405
32     CoreFoundation     CFRunLoopRunSpecific     
33     CoreFoundation     CFRunLoopRunInMode     
34     HIToolbox     RunCurrentEventLoopInMode     
35     HIToolbox     ReceiveNextEventCommon     
36     HIToolbox     BlockUntilNextEventMatchingListInMode     
37     AppKit     _DPSNextEvent     
38     AppKit     -[NSApplication
nextEventMatchingMask:untilDate:inMode:dequeue:]     
39     AppKit     -[NSApplication run]     
40     XUL     nsAppShell::Run     widget/src/cocoa/nsAppShell.mm:720
41     XUL     nsAppStartup::Run    
toolkit/components/startup/src/nsAppStartup.cpp:193
42     XUL     XRE_main     toolkit/xre/nsAppRunner.cpp:3321
43     firefox-bin     main     browser/app/nsBrowserApp.cpp:156
44     firefox-bin     firefox-bin@0x1541     
45     firefox-bin     firefox-bin@0x1468     
46         @0x2

Bug 512387 Comment 3 chris hofmann 2009-08-24 19:49:49 PDT

maybe bug 511767

Bug 512387 Comment 4 Jesse Ruderman 2009-08-28 20:13:37 PDT

Do we have contacts who work on Windows Media Player and Flip4Mac?  We can't
fix this bug ourselves.

Bug 512387 Comment 5 chris hofmann 2009-08-29 11:24:50 PDT

yeah, if we think there is possible security implication in their code beyond a
DoS we should send a report from security@mozilla.org to
security@microsoft.com.  

We should also do this also if we don't want to take the time, or can't, figure
out the possible security implications.  

we could just send mail to Microsoft, ask for a cc mail address and give that
bugzilla account access to the bug.

it maybe harder to find something for flip. flip might license code from
Microsoft so Microsoft might have contact.

we could just try mail to security@theflip.com  but I guess a smaller consumer
product company like that my not have security@ set up.

on http://www.theflip.com/privacy.shtml I see another possible e-mail

13. QUESTIONS OR COMMENTS

If you have any questions, comments, or concerns relating to the Pure Digital
Services or this privacy policy, please send an e-mail to
privacy@puredigitalinc.com or write to us at:

Pure Digital Technologies, Inc.
Attn: Privacy Compliance Officer
30 Maiden Lane
6th Floor
San Francisco, CA 94108


Sound like a plan?  If this makes sense can dveditz, bsterne, reed, or other
that has the mail cert send this mail?

Bug 512387 Comment 6 chris hofmann 2009-08-29 11:26:35 PDT

the mail should also reference and grant access to bug 511767

Bug 512387 Comment 7 Daniel Veditz      2009-09-22 14:04:52 PDT

The WMP crash in comment 0 is a null deref

A crash in Flip4Mac should get its own bug, there's no relation between these
two as far as I know. There's not enough information in comment 1 to say
whether the Flip4Mac crash is a problem or not.