[Mono-bugs] [Bug 368523] Invalid read in media code.
bugzilla_noreply at novell.com
bugzilla_noreply at novell.com
Wed Apr 30 11:11:13 EDT 2008
https://bugzilla.novell.com/show_bug.cgi?id=368523
User spouliot at novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=368523#c3
--- Comment #3 from Sebastien Pouliot <spouliot at novell.com> 2008-04-30 09:11:13 MST ---
Most of them seems related to closing firefox itself while being valgrinded
(i.e. a very slow exit). In this case we see one (or in some cases many)
warnings:
Moonlight: The plugin has been deleted, but we're still emitting events?
Others, like this:
==2445== 24 errors in context 12 of 13:
==2445== Conditional jump or move depends on uninitialised value(s)
==2445== at 0x40222A7: strlen (in
/usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==2445== by 0x46CDCFC: g_str_has_prefix (in
/opt/gnome/lib/libglib-2.0.so.0.800.6)
==2445== by 0xD6C5237: PlaylistParser::ParseASX2() (playlist.cpp:1174)
==2445== by 0xD6C545F: PlaylistParser::Parse() (playlist.cpp:1201)
==2445== by 0xD6BD541: ASXDemuxer::ReadHeader() (pipeline.cpp:1351)
==2445== by 0xD6BD991: Media::Open(IMediaSource*) (pipeline.cpp:504)
==2445== by 0xD6AA4D0: MediaElement::TryOpen() (media.cpp:1167)
==2445== by 0xD6AA83B: MediaElement::DownloaderComplete() (media.cpp:1244)
==2445== by 0xD6A4CD3: MediaBase::downloader_complete(EventObject*,
EventArgs*, void*) (media.cpp:64)
==2445== by 0xD690277: EventObject::Emit(int, EventArgs*)
(dependencyobject.cpp:400)
==2445== by 0xD692E02: Downloader::NotifyFinished(char const*)
(downloader.cpp:535)
==2445== by 0xD52A4D4: PluginInstance::StreamAsFile(_NPStream*, char const*)
(plugin.cpp:1036)
happens because the code reads (playlist.cpp) memory buffers then call string
functions on them. Since there's no guarantee of a NULL being present in the
buffer the code can read past the allocated buffer.
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
You are the assignee for the bug.
More information about the mono-bugs
mailing list