Closed Bug 877523 Opened 11 years ago Closed 11 years ago

WebAudio global-buffer-overflow crash [@mozilla::dom::DelayNodeEngine::ProduceAudioBlock]

Categories

(Core :: Web Audio, defect)

Product:
Core
Component:
Web Audio
Platform:
x86_64
macOS
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla24
Tracking Flags:
Tracking Status
firefox22 --- disabled
firefox23 - disabled
firefox24 + fixed
firefox-esr17 --- unaffected
b2g18 --- unaffected

People

(Reporter: posidron, Assigned: ehsan.akhgari)

References

Details

(4 keywords, Whiteboard: [adv-main24-])

Attachments

(4 files, 1 obsolete file)

testcase
(deleted), text/html
Details
callstack
(deleted), text/plain
Details
testcase-reduced
(deleted), text/html
Details
Fixed a typo in the test
(deleted), patch
roc
: review+
Details | Diff | Splinter Review
Attached file testcase (deleted) —
content/media/webaudio/DelayNode.cpp:215 // Write the input sample to the correct location in our buffer if (input) { * buffer[writeIndex] = input[i] * aInput.mVolume; } Tested with http://hg.mozilla.org/integration/mozilla-inbound/rev/c9e6ca6528b8
Attached file callstack (deleted) —
Attached file testcase-reduced (deleted) —
Attached patch Patch (v1) (obsolete) (deleted) — Splinter Review
OK, this is really embarrassing. We ended up calculating 0 for all maxDelay values less than 1, so the internal buffer's size would end up being 0.
Assignee: nobody → ehsan
Status: NEW → ASSIGNED
Attachment #755980 - Flags: review?(roc)
Attached patch Fixed a typo in the test (deleted) — Splinter Review
Attachment #755980 - Attachment is obsolete: true
Attachment #755980 - Flags: review?(roc)
Attachment #756073 - Flags: review?(roc)
https://hg.mozilla.org/mozilla-central/rev/e12be295c0b1
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
status-firefox24: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla24
Flags: in-testsuite+
Mass moving Web Audio bugs to the Web Audio component. Filter on duckityduck.
Component: Video/Audio → Web Audio
Whiteboard: [adv-main24-]
Group: core-security
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: