Closed
Bug 603918
Opened 14 years ago
Closed 14 years ago
Malformed WebM file leads to crash [@peek_element]
Categories
(Core :: Audio/Video, defect)
Tracking
RESOLVED
FIXED
Tracking | Status | |
---|---|---|
blocking2.0 | --- | final+ |
People
(Reporter: posidron, Assigned: kinetik)
Attachments
(2 files)
File: 0.webm
Number of values: 14
Offset: 4391/0x001127 Value: ['00', '00', '00', '01']
Offset: 16337/0x003fd1 Value: ['00', '00']
Offset: 32387/0x007e83 Value: ['80', '00', '00', '00', '00', '00', '00', '00']
Offset: 37970/0x009452 Value: ['ff', 'ff', 'ff', 'ff']
Offset: 38041/0x009499 Value: ['00', '00', '00', '00']
Offset: 39462/0x009a26 Value: ['00', '00']
Offset: 42438/0x00a5c6 Value: ['80', '00', '00', '00', '00', '00', '00', '00']
Offset: 54883/0x00d663 Value: ['00', '00']
Offset: 58256/0x00e390 Value: ['ff', 'c4', '40', '0f']
Offset: 63539/0x00f833 Value: ['80', '00', '00', '00', '00', '00', '00', '00']
Offset: 71026/0x011572 Value: ['7f', 'ff']
Offset: 78704/0x013370 Value: ['20', '00']
Offset: 79379/0x013613 Value: ['7f', 'ff', 'ff', 'ff']
Offset: 87426/0x015582 Value: ['80', '00']
Windows 7 is also affected.
Please execute the provided html file.
Comment 1 • 14 years ago (Reporter)
Updated • 14 years ago (Assignee)
Assignee: nobody → kinetik
Status: NEW → ASSIGNED
Updated • 14 years ago (Assignee)
blocking2.0: --- → ?
Comment 2 • 14 years ago (Assignee)
In nsWebMReader::ReadMetadata, vorbis_synthesis_headerin fails (returning OV_EBADHEADER), so we call nsWebMReader::Cleanup() (destroying mContext) and then return an error. nsBuiltinDecoderStateMachine::LoadMetadata fails to check the result of ReadMetadata() and we eventually crash when we're called to decode a frame. So this sounds like the same bug as bug 604067 comment 4 mentions in the first sentence.
blocking2.0: ? → final+
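The failure path described in comment 2, as an added C++ model that is neither Mozilla's code nor the fix that landed in bug 604067. `Reader`, `LoadMetadataUnchecked`, `LoadMetadataChecked` and `DeadUsesAfterLoad` are hypothetical names, and the decode step counts the access to the destroyed context instead of dereferencing it.

```cpp
// Added illustration; simplified model, not Mozilla code. All names are hypothetical.
#include <memory>

enum class Result { Ok, Failure };
enum class State { Decoding, Shutdown };

struct Context { int channels = 2; };  // stand-in for the demuxer context

class Reader {
 public:
  explicit Reader(bool headerValid) : mHeaderValid(headerValid) {}
  // On a bad codec header: destroy the context, then report failure.
  Result ReadMetadata() {
    mContext = std::make_unique<Context>();
    if (!mHeaderValid) { Cleanup(); return Result::Failure; }
    return Result::Ok;
  }
  void Cleanup() { mContext.reset(); }
  // Real code would dereference the context here and crash; the model
  // counts the access instead so the outcome can be observed safely.
  void DecodeFrame() { if (!mContext) ++mDeadContextUses; }
  int DeadContextUses() const { return mDeadContextUses; }
 private:
  bool mHeaderValid;
  std::unique_ptr<Context> mContext;
  int mDeadContextUses = 0;
};

// Caller that drops the result, as comment 2 describes.
State LoadMetadataUnchecked(Reader& r) {
  (void)r.ReadMetadata();
  return State::Decoding;
}

// Caller that propagates the failure and never reaches decoding.
State LoadMetadataChecked(Reader& r) {
  return r.ReadMetadata() == Result::Ok ? State::Decoding : State::Shutdown;
}

// Returns how many times decode touched a destroyed context.
int DeadUsesAfterLoad(State (*load)(Reader&), bool headerValid) {
  Reader r(headerValid);
  if (load(r) == State::Decoding) r.DecodeFrame();
  return r.DeadContextUses();
}

int main() {
  return DeadUsesAfterLoad(LoadMetadataChecked, false) == 0 ? 0 : 1;
}
```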
Comment 3 • 14 years ago (Assignee)
Fixed by bug 604067.
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Comment 4 • 14 years ago
(In reply to comment #3)
> Fixed by bug 604067.
Just backed this out unfortunately. :(
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Comment 5 • 14 years ago
Bug 604067 landed again, so this should be fixed...
Status: REOPENED → RESOLVED
Closed: 14 years ago → 14 years ago
Resolution: --- → FIXED
Updated • 12 years ago (Reporter)
Blocks: fuzzing-webm