|
| From: | Bastiaan Jacques |
| Subject: | [Gnash-commit] [bug #42199] buffer overflow in GnashPluginScriptObject::readPlayer() |
| Date: | Sat, 26 Apr 2014 09:51:56 +0000 |
| User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:28.0) Gecko/20100101 Firefox/28.0 |
URL:
<http://savannah.gnu.org/bugs/?42199>
Summary: buffer overflow in
GnashPluginScriptObject::readPlayer()
Project: Gnash - The GNU Flash player
Submitted by: bjacques
Submitted on: Sat 26 Apr 2014 11:51:55 AM CEST
Category: plugin
Severity: 5 - Blocker
Release: master
Status: Confirmed
Privacy: Public
Assigned to: bjacques
Open/Closed: Open
Discussion Lock: Any
_______________________________________________________
Details:
Upstream bug includes stacktrace:
https://bugzilla.redhat.com/show_bug.cgi?id=1065335
In the stacktrace it can be seen that the plugin causes a buffer overflow.
Fortunately, the overflow is caught by the stack protectors Fedora enables by
default.
The stacktrace shows that fd=32767 which is equal to FD_SETSIZE; FD_SET is
known to be unable to handle an fd this large.
The implication is that Firefox has a huge number of file descriptors opened;
I'm not sure whether this is Gnash's fault.
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?42199>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
| [Prev in Thread] | Current Thread | [Next in Thread] |