WebRTC crash [@nr_ice_candidate_pair_create]

RESOLVED FIXED in mozilla20

Status

()

Core
WebRTC: Networking
P1
critical
RESOLVED FIXED
5 years ago
5 years ago

People

(Reporter: posidron, Assigned: jib)

Tracking

(Blocks: 1 bug, {crash})

Trunk
mozilla20
x86_64
Mac OS X
crash
Points:
---
Bug Flags:
in-testsuite -

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [WebRTC], [blocking-webrtc+], [qa-])

Attachments

(3 attachments)

(Reporter)

Description

5 years ago
Created attachment 696030 [details]
callstack

It happened while trying to fuzz the SDP.

./media/mtransport/third_party/nICEr/src/ice/ice_candidate_pair.c:128
    if(r=r_data_make(&pair->stun_client->params.ice_binding_request.password,(UCHAR *)rpwd,strlen(rpwd)))
      ABORT(r);


Tested with m-c changeset: 117036:f5ed2691d901
(Reporter)

Comment 1

5 years ago
Created attachment 696031 [details]
SDP

Updated

5 years ago
Assignee: nobody → ekr
Priority: -- → P1
Whiteboard: [WebRTC], [blocking-webrtc+]
(Assignee)

Updated

5 years ago
Assignee: ekr → jib
Status: NEW → ASSIGNED
(Assignee)

Comment 2

5 years ago
Created attachment 697962 [details] [diff] [review]
Candidate Username/pwd nullcheck
(Assignee)

Updated

5 years ago
Attachment #697962 - Flags: review?(ekr)
(Assignee)

Updated

5 years ago
Attachment #697962 - Flags: review?(ekr) → review?(adam)

Updated

5 years ago
Attachment #697962 - Flags: review?(adam) → review+
(Assignee)

Updated

5 years ago
Attachment #697962 - Flags: checkin?(rjesup)
https://hg.mozilla.org/integration/mozilla-inbound/rev/965e97b75bfa
Target Milestone: --- → mozilla20

Updated

5 years ago
Attachment #697962 - Flags: checkin?(rjesup) → checkin+

Comment 4

5 years ago
https://hg.mozilla.org/mozilla-central/rev/965e97b75bfa
Status: ASSIGNED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED

Updated

5 years ago
Whiteboard: [WebRTC], [blocking-webrtc+] → [WebRTC], [blocking-webrtc+], [qa-]

Updated

5 years ago
Flags: in-testsuite-
You need to log in before you can comment on or make changes to this bug.