Closed
Bug 880342
Opened 11 years ago
Closed 11 years ago
WebAudio heap-buffer-overflow crash [@mozilla::AudioBlockSumOfSquares]
Categories
(Core :: Web Audio, defect)
Tracking
()
RESOLVED
FIXED
mozilla24
Tracking | Status | |
---|---|---|
firefox23 | --- | unaffected |
firefox24 | + | fixed |
firefox-esr17 | --- | unaffected |
b2g18 | --- | unaffected |
People
(Reporter: posidron, Assigned: ehsan.akhgari)
References
Details
(4 keywords, Whiteboard: [adv-main24-])
Attachments
(3 files)
A reduced testcase will follow in the next comment. content/media/AudioNodeEngine.cpp:158 float AudioBlockSumOfSquares(const float* aInput, uint32_t aLength) { float sum = 0.0f; while (aLength--) { * sum += *aInput * *aInput; ++aInput; } return sum; } Tested with http://hg.mozilla.org/integration/mozilla-inbound/rev/2551c645b782 + ehsan's patch for the Convolver node.
Reporter | ||
Comment 1•11 years ago
|
||
Reporter | ||
Comment 2•11 years ago
|
||
reduced testcase
Comment 3•11 years ago
|
||
Does this affect Aurora? This is disabled in Beta, right?
status-firefox24:
--- → affected
tracking-firefox24:
--- → +
Assignee | ||
Comment 4•11 years ago
|
||
Can you please test without my patch as well?
Flags: needinfo?(cdiehl)
Assignee | ||
Comment 5•11 years ago
|
||
(In reply to Al Billings [:abillings] from comment #3) > Does this affect Aurora? This is disabled in Beta, right? This is with the patch to bug 815643 which has not landed yet...
Assignee | ||
Comment 6•11 years ago
|
||
Fixed locally, and landed the test case: https://hg.mozilla.org/integration/mozilla-inbound/rev/a178af222dd4
Assignee: nobody → ehsan
Flags: needinfo?(cdiehl)
Reporter | ||
Comment 7•11 years ago
|
||
Tested it again with Ehsan's updated patch https://gist.github.com/ehsan/5730140 and the testcase is not reproducible anymore. Fixed.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Comment 8•11 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/a178af222dd4
Updated•11 years ago
|
status-firefox23:
--- → unaffected
status-firefox-esr17:
--- → unaffected
Updated•11 years ago
|
Whiteboard: [adv-main24-]
Updated•11 years ago
|
status-b2g18:
--- → unaffected
Updated•10 years ago
|
Group: core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•