Closed
Bug 688997
Opened 12 years ago
Closed 12 years ago
Pointer truncation in waveOutProc callback (x64)
Categories
(Core :: Audio/Video, defect)
Tracking
()
RESOLVED
FIXED
mozilla9
People
(Reporter: bugzilla.10.animefan, Assigned: kinetik)
Details
(Keywords: crash)
Attachments
(1 file)
2.02 KB,
patch
|
cpearce
:
review+
|
Details | Diff | Splinter Review |
User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Steps to reproduce: Trying to play the video at http://ww.mozilla.org/projects/firefox/prerelease.html crashes Firefox 9.0 x64 nightly on a system with more than 4 GB RAM and AllocationPreference set to 0x100000 in the registry. Actual results: Firefox 9.0 x64 crashed in xul!waveOutProc+0x1f [e:\builds\moz2_slave\m-cen-w64-ntly\build\media\libsydneyaudio\src\sydney_audio_waveapi.c @ 639] Firefox uses this signature for the callback: void CALLBACK waveOutProc( HWAVEOUT hWaveOut, UINT uMsg, DWORD dwInstance, DWORD dwParam1, DWORD dwParam2 ) This is not correct. According to MSDN this is the correct signature for this callback: void CALLBACK waveOutProc( HWAVEOUT hwo, UINT uMsg, DWORD_PTR dwInstance, DWORD_PTR dwParam1, DWORD_PTR dwParam2 ); ( reference : http://msdn.microsoft.com/en-us/library/dd743869(v=vs.85).aspx ) By assigning the dwInstance to a DWORD the pointer to the handle can get truncated on 64 bit systems. Expected results: Firefox should not crash. Fix: Use the correct calling convention for the callback.
Updated•12 years ago
|
Component: General → Video/Audio
Keywords: crash
Product: Firefox → Core
QA Contact: general → video.audio
Version: unspecified → Trunk
Assignee | ||
Comment 1•12 years ago
|
||
Assignee: nobody → kinetik
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Attachment #562269 -
Flags: review?(chris)
Updated•12 years ago
|
Attachment #562269 -
Flags: review?(chris) → review+
Assignee | ||
Comment 2•12 years ago
|
||
http://hg.mozilla.org/integration/mozilla-inbound/rev/2cd423eb0392
Target Milestone: --- → mozilla9
Comment 3•12 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/2cd423eb0392
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•