Closed
Bug 964761
Opened 11 years ago
Closed 11 years ago
Stack buffer overflow in content/media/webm/EbmlComposer.cpp
Categories
(Core :: Audio/Video, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 964762
People
(Reporter: padenot, Assigned: padenot)
Details
Attachments
(1 file)
11 years ago
1.17 KB,
patch
|
Details | Diff | Splinter Review |
15:07.96 In file included from /usr/include/string.h:638:0,
15:07.96 from ../../../dist/system_wrappers/string.h:3,
15:07.96 from ../../../dist/include/nsTArray.h:16,
15:07.96 from /home/padenot/src/trees/mozilla-inbound/content/media/webm/EbmlComposer.h:8,
15:07.96 from /home/padenot/src/trees/mozilla-inbound/content/media/webm/EbmlComposer.cpp:6,
15:07.96 from /home/padenot/src/trees/mozilla-inbound/obj-x86_64-unknown-linux-gnu/content/media/webm/Unified_cpp_content_media_webm0.cpp:2:
15:07.96 In function ‘char* strcpy(char*, const char*)’,
15:07.96 inlined from ‘void mozilla::EbmlComposer::GenerateHeader()’ at /home/padenot/src/trees/mozilla-inbound/content/media/webm/EbmlComposer.cpp:50:43:
15:07.96 /usr/include/x86_64-linux-gnu/bits/string3.h:104:86: error: call to char* __builtin___strcpy_chk(char*, const char*, long unsigned int) will always overflow destination buffer [-Werror]
"A_VORBIS" is 9 char long (because of the \0). Maybe we don't want the '\0' in the container, in which case we can just put a "- 1" on the size.
Assignee | ||
Comment 1•11 years ago
|
||
Seems like I screwed up, here, real bug is bug 964762.
Assignee | ||
Updated•11 years ago
|
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
Assignee | ||
Updated•11 years ago
|
Attachment #8366630 -
Flags: review?
Updated•9 years ago
|
Group: core-security → core-security-release
Updated•8 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•