|
From: | Bastiaan Jacques |
Subject: | [Gnash-commit] [bug #42199] buffer overflow in GnashPluginScriptObject::readPlayer() |
Date: | Sat, 26 Apr 2014 09:51:56 +0000 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:28.0) Gecko/20100101 Firefox/28.0 |
URL: <http://savannah.gnu.org/bugs/?42199> Summary: buffer overflow in GnashPluginScriptObject::readPlayer() Project: Gnash - The GNU Flash player Submitted by: bjacques Submitted on: Sat 26 Apr 2014 11:51:55 AM CEST Category: plugin Severity: 5 - Blocker Release: master Status: Confirmed Privacy: Public Assigned to: bjacques Open/Closed: Open Discussion Lock: Any _______________________________________________________ Details: Upstream bug includes stacktrace: https://bugzilla.redhat.com/show_bug.cgi?id=1065335 In the stacktrace it can be seen that the plugin causes a buffer overflow. Fortunately, the overflow is caught by the stack protectors Fedora enables by default. The stacktrace shows that fd=32767 which is equal to FD_SETSIZE; FD_SET is known to be unable to handle an fd this large. The implication is that Firefox has a huge number of file descriptors opened; I'm not sure whether this is Gnash's fault. _______________________________________________________ Reply to this item at: <http://savannah.gnu.org/bugs/?42199> _______________________________________________ Message sent via/by Savannah http://savannah.gnu.org/
[Prev in Thread] | Current Thread | [Next in Thread] |