Closed
Bug 905444
Opened 11 years ago
Closed 11 years ago
WebAudio crash [@mozilla::AudioChannelsUpMix]
Categories
(Core :: Web Audio, defect)
Tracking
()
RESOLVED
FIXED
mozilla26
| Tracking | Status | |
|---|---|---|
| firefox24 | --- | disabled |
| firefox25 | --- | fixed |
| firefox26 | --- | fixed |
| firefox-esr17 | --- | unaffected |
| firefox-esr24 | --- | disabled |
| b2g18 | --- | unaffected |
People
(Reporter: posidron, Assigned: ehsan.akhgari)
References
Details
(Keywords: crash, sec-moderate, testcase, Whiteboard: [blocking-webaudio+])
Attachments
(3 files)
|
(deleted),
text/html
|
Details | |
|
(deleted),
text/plain
|
Details | |
|
(deleted),
patch
|
roc
:
review+
abillings
:
approval-mozilla-aurora+
abillings
:
sec-approval+
|
Details | Diff | Splinter Review |
content/media/AudioChannelFormat.cpp:85
83 if (inputChannelCount < CUSTOM_CHANNEL_LAYOUTS &&
84 outputChannelCount <= CUSTOM_CHANNEL_LAYOUTS) {
85 const UpMixMatrix& m = gUpMixMatrices[
86 gMixingMatrixIndexByChannels[inputChannelCount - 1] +
87 outputChannelCount - inputChannelCount - 1];
Tested with http://hg.mozilla.org/integration/mozilla-inbound/rev/a24cbd51b6f7
+ https://bugzilla.mozilla.org/show_bug.cgi?id=865253
|
Reporter | |
Comment 1•11 years ago
|
||
|
Assignee | |
Comment 2•11 years ago
|
||
Somebody (me?) made the mistake of not checking for empty channel data here...
|
|
Assignee | |
Comment 3•11 years ago
|
||
Comment on attachment 790978 [details] [diff] [review]
Patch (v1)
This is a bug in Web Audio, which affects Firefox 25 and 26. The fix is very simple and very safe. With enough effort, one could perhaps construct a test case based on the fix, but I don't think that's a severe issue since this bug doesn't affect any stable channels.
Attachment #790978 -
Flags: sec-approval?
Attachment #790978 -
Flags: approval-mozilla-aurora?
Attachment #790978 -
Flags: review?(roc) → review+
|
||
Comment 4•11 years ago
|
||
Comment on attachment 790978 [details] [diff] [review]
Patch (v1)
I'll ignore the lack of a security rating here but it would be good to have one.
Attachment #790978 -
Flags: sec-approval?
Attachment #790978 -
Flags: sec-approval+
Attachment #790978 -
Flags: approval-mozilla-aurora?
Attachment #790978 -
Flags: approval-mozilla-aurora+
|
|
Reporter | |
Comment 5•11 years ago
|
||
(In reply to Al Billings [:abillings] from comment #4)
> Comment on attachment 790978 [details] [diff] [review]
> Patch (v1)
>
> I'll ignore the lack of a security rating here but it would be good to have
> one.
Marking this as sec-moderate. Based on comment 3 I presume that this bug got not introduced with the applied patch for the Oscillator node.
Keywords: sec-moderate
|
|
Assignee | |
Comment 6•11 years ago
|
||
(In reply to Christoph Diehl [:cdiehl] from comment #5)
> (In reply to Al Billings [:abillings] from comment #4)
> > Comment on attachment 790978 [details] [diff] [review]
> > Patch (v1)
> >
> > I'll ignore the lack of a security rating here but it would be good to have
> > one.
>
> Marking this as sec-moderate.
I think that's fair.
> Based on comment 3 I presume that this bug got
> not introduced with the applied patch for the Oscillator node.
No, it wasn't. This is a bug in the general mixing code that we use for all kinds of AudioNode connections.
|
|
Assignee | |
Comment 7•11 years ago
|
||
Whiteboard: [blocking-webaudio+][checkin-needed-aurora]
|
||
Comment 8•11 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
status-firefox25:
--- → affected
status-firefox26:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla26
|
|
||
Comment 9•11 years ago
|
||
Whiteboard: [blocking-webaudio+][checkin-needed-aurora] → [blocking-webaudio+]
|
||
Updated•11 years ago
|
status-b2g18:
--- → unaffected
status-firefox-esr17:
--- → unaffected
status-firefox-esr24:
--- → disabled
|
|
||
Updated•11 years ago
|
status-firefox24:
--- → disabled
|
|
||
Updated•10 years ago
|
Group: core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•