WebAudio heap-buffer-overflow crash [@mozilla::AudioBlockCopyChannelWithScale]

RESOLVED DUPLICATE of bug 876118

Status

()

defect
--
critical
RESOLVED DUPLICATE of bug 876118
6 years ago
3 years ago

People

(Reporter: posidron, Unassigned)

Tracking

(Blocks 1 bug, 4 keywords)

Trunk
x86_64
macOS
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [blocking-webaudio-])

Attachments

(2 attachments)

(Reporter)

Description

6 years ago
Posted file testcase
./content/media/AudioNodeEngine.cpp:64

void
AudioBlockCopyChannelWithScale(const float* aInput,
                               float aScale,
                               float* aOutput)
{
  if (aScale == 1.0f) {
*   memcpy(aOutput, aInput, WEBAUDIO_BLOCK_SIZE*sizeof(float));
[...]


Tested with m-i changeset: 132982:ce25da24ba1c
(Reporter)

Comment 1

6 years ago
Posted file callstack
Dupe of bug 876118.
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 876118
Mass moving Web Audio bugs to the Web Audio component.  Filter on duckityduck.
Component: Video/Audio → Web Audio
Whiteboard: [blocking-webaudio-]

Updated

4 years ago
Group: core-security → core-security-release
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.