AddressSanitizer: heap-buffer-overflow [@ LockVAAPIData] with READ of size 8
Categories: Core :: Audio/Video: Playback, defect
People: Reporter: decoder, Assigned: stransky
References: Blocks 1 open bug
Details: 4 keywords, Whiteboard: [sec-survey][post-critsmash-triage]
Attachments: 1 file (deleted), text/plain
The attached crash information was submitted via the ASan Nightly Reporter on mozilla-central-asan-nightly revision 100.0a1-20220308220159-https://hg.mozilla.org/mozilla-central/rev/c06bbb0ddc24d3d1605e5f67c1b875aad60e26c5.
For detailed crash information, see attachment.
Comment 2•3 years ago
It looks like Stransky wrote a lot of this code, so I'll needinfo them in case they can take a look.
Comment 4•3 years ago (Assignee)
This is fixed by Bug 1758610 - we used the wrong AVFrame layout for ffmpeg 5.0.
Comment 5•3 years ago
Looking at the dependencies on bug 1610199 we are nowhere near turning this on by default, even in nightly (there's not even an "enable on nightly" placeholder bug yet). Experimental features that are disabled by default are not part of the bug bounty program yet -- we can't afford to cover incomplete and not fully tested code.
Comment 6•3 years ago
As part of a security bug pattern analysis, we are requesting your help with a high level analysis of this bug. It is our hope to develop static analysis (or potentially runtime/dynamic analysis) in the future to identify classes of bugs.
Please visit this Google form to reply.