Closed
Bug 858644
Opened 12 years ago
Closed 12 years ago
WebRTC TURN use-after-free crash [@nr_turn_stun_ctx_start]
Categories
(Core :: WebRTC: Signaling, defect)
RESOLVED
FIXED
| | Tracking | Status |
|---|---|---|
| firefox21 | --- | unaffected |
| firefox22 | --- | unaffected |
| firefox23 | --- | unaffected |
| firefox-esr17 | --- | unaffected |
| b2g18 | --- | unaffected |
People
(Reporter: posidron, Assigned: ekr)
References
Details
(4 keywords, Whiteboard: [WebRTC][blocking-webrtc-][turn][qa-])
Attachments
(1 file: 7.61 KB, text/plain)
This happened while running the IceGatherTest.TestGatherTurn test.

alloc: media/mtransport/third_party/nICEr/src/stun/turn_client_ctx.c:99

    if (!(sctx=RCALLOC(sizeof(nr_turn_stun_ctx))))
      ABORT(R_NO_MEMORY);

free: media/mtransport/third_party/nICEr/src/stun/turn_client_ctx.c:371

    /* Setting these values to 0 isn't strictly necessary, but
       it protects us in case we double cancel and for
       some reason bungle the states above in future.*/
    RFREE(ctx->label);
    ctx->label = 0;

re-use: media/mtransport/third_party/nICEr/src/stun/turn_client_ctx.c:196

    if ((r=nr_stun_client_reset(ctx->stun))) {
      r_log(NR_LOG_TURN, LOG_ERR, "TURN(%s): Couldn't reset STUN",
            ctx->tctx->label);
      ABORT(r);

Tested with m-i rev 8262a337d5be and with the patch of bug 786235.
Reporter
Updated•12 years ago
Summary: WebRTC use-after-free crash [@nr_turn_stun_ctx_start] → WebRTC TURN use-after-free crash [@nr_turn_stun_ctx_start]
Updated•12 years ago
Assignee: nobody → ekr
Whiteboard: [WebRTC][blocking-webrtc?]
Updated•12 years ago
Whiteboard: [WebRTC][blocking-webrtc?] → [WebRTC][blocking-webrtc-][turn]
Assignee
Comment 1•12 years ago
cdiehl:
Can you please retry with the latest patch? I moved this free...
Flags: needinfo?(cdiehl)
Assignee
Comment 2•12 years ago
Hmm.... I actually didn't upload that patch yet....
Reporter
Comment 3•12 years ago
This seems to be fixed with the updated patch https://bugzilla.mozilla.org/show_bug.cgi?id=786235#c18
Status: NEW → RESOLVED
Closed: 12 years ago
Flags: needinfo?(cdiehl)
Resolution: --- → FIXED
Updated•12 years ago
Flags: in-testsuite-
Whiteboard: [WebRTC][blocking-webrtc-][turn] → [WebRTC][blocking-webrtc-][turn][qa-]
Updated•12 years ago
status-b2g18: --- → unaffected
status-firefox21: --- → unaffected
status-firefox22: --- → unaffected
status-firefox23: --- → unaffected
status-firefox-esr17: --- → unaffected
Updated•10 years ago
Group: core-security → core-security-release
Updated•9 years ago
Keywords: csectype-uaf, sec-high
Updated•9 years ago
Group: core-security-release