Closed Bug 875144 Opened 11 years ago Closed 11 years ago

WebAudio heap-buffer-overflow crash [@speex_resampler_process_float]

Categories

(Core :: Web Audio, defect)

Product:
Core
Component:
Web Audio
Platform:
x86_64
macOS
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla24
Tracking Flags:
Tracking Status
firefox21 --- unaffected
firefox22 --- disabled
firefox23 - disabled
firefox24 + fixed
firefox-esr17 --- unaffected
b2g18 --- unaffected

People

(Reporter: posidron, Assigned: ehsan.akhgari)

References

Details

(4 keywords, Whiteboard: [adv-main24-])

Attachments

(3 files, 1 obsolete file)

testcase
3.67 KB, text/html
Details
callstack
7.51 KB, text/plain
Details
Fixed one more test
9.07 KB, patch
roc
: review+
Details | Diff | Splinter Review
Attached file testcase 
Tested with m-i changeset: 132700:cf2106c1f0c7 and the patches in bug 874915 and bug 874869.

NOTE: with those patches applied bug 874934 is no longer reproducible.
Attached file callstack 

    
    

    
  
:ehsan, I will most likely reduce the testcase later or tomorrow, I just wanted to file this bug as early as possible.

    
    

    
  
Hey Ehsan, we're going to be triaging the latest critical webaudio bugs in about 2 hours. Do you want to beat us to it or just wait for us to assign them to you? (Sorry man)

Also this is nightly only right?
Flags: needinfo?(ehsan)

    
    

    
  

      
      
      
      

        Attached patch
          
          
        Patch (v1) (obsolete)
        — Splinter Review
      

    


  
Assignee: nobody → ehsan
Status: NEW → ASSIGNED

        Attachment #753427 -
        Flags: review?(roc)
Flags: needinfo?(ehsan)

    
    

    
  
(In reply to David Bolter [:davidb] from comment #3)
> Hey Ehsan, we're going to be triaging the latest critical webaudio bugs in
> about 2 hours. Do you want to beat us to it or just wait for us to assign
> them to you? (Sorry man)

See comment 4.  ;-)

> Also this is nightly only right?

Web Audio is only enabled by default on Nightly and Aurora.  This is Nightly, Aurora and it will also affect Beta users who have the media.webaudio.enabled pref enabled.

          status-firefox22:
          --- → disabled

          status-firefox23:
          --- → affected

          status-firefox24:
          --- → affected

    
    

    
  
Triaging with Ehsan. Note he just told me we'll likely disable for 23 so we may want to update those flags but let's air on the side of caution until that happens.

          status-firefox21:
          --- → unaffected

          tracking-firefox23:
          --- → ?

          tracking-firefox24:
          --- → ?

    
    

    
  


  

        Attachment #753497 -
        Flags: review?(roc)

    
  

        Attachment #753427 -
        Attachment is obsolete: true

        Attachment #753427 -
        Flags: review?(roc)

    
    

    
  
indeed - tracking whether we disable or not, so it stays on the radar

          tracking-firefox23:
          ?+

          tracking-firefox24:
          ?+

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/454f2e5ff75f
Status: ASSIGNED → RESOLVED
Closed: 11 years ago

          status-firefox24:
          affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla24

    
  
Blocks: 875617

    
    

    
  
Mass moving Web Audio bugs to the Web Audio component.  Filter on duckityduck.
Component: Video/Audio → Web Audio

    
    

    
  
No longer tracking for FF23

          tracking-firefox23:
          +-
Whiteboard: [adv-main24-]
Group: core-security

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: