[Gnash-commit] [bug #36002] plugin crash (basic_string::_S

gnash-commit

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Gnash-commit] [bug #36002] plugin crash (basic_string::_S_construct nul

From:	Bastiaan Jacques
Subject:	[Gnash-commit] [bug #36002] plugin crash (basic_string::_S_construct null not valid) on squidoo.com
Date:	Sun, 25 Mar 2012 22:10:35 +0000
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:11.0) Gecko/20100101 Firefox/11.0

URL:
  <http://savannah.gnu.org/bugs/?36002>

                 Summary: plugin crash (basic_string::_S_construct null not
valid) on squidoo.com
                 Project: Gnash - The GNU Flash player
            Submitted by: bjacques
            Submitted on: Mon 26 Mar 2012 12:10:34 AM CEST
                Category: plugin
                Severity: 6 - Security
                 Release: master
                  Status: Confirmed
                 Privacy: Public
             Assigned to: bjacques
             Open/Closed: Open
         Discussion Lock: Any

    _______________________________________________________

Details:

STR:
1. Visit http://www.squidoo.com/kitchen-blinds
2. (If you're using a click-to-play setting): Play the Flash movie directly
under 'kitchen Window Blinds Flickr Photos'.
3. Observe Firefox segfault, or plugin-container if using a recent Firefox:
  terminate called after throwing an instance of 'std::logic_error'
  what():  basic_string::_S_construct null not valid

Downstream bug URL: https://bugzilla.redhat.com/show_bug.cgi?id=672745

Terminal output suggests std::string constructor is being fed a NULL pointer.
The backtrace from the RH Bugzilla points to
nsPluginInstance::processPlayerRequest(). A casual reading of that function
suggests API misuse: calling NPVARIANT_TO_STRING() on an NPVariant without
checking whether that NPVariant is actually a string.

Gdb appears to confirm that suspicion:

#12 0x00007f6eaf73df47 in gnash::nsPluginInstance::processPlayerRequest
(this=0x7f6eb7038900) at ../../../gnash/plugin/npapi/plugin.cpp:834
834                                                      
invoke->args[1].get()));
(gdb) p invoke->args[1]
$3 = (gnash::GnashNPVariant &) @0x7f6eb70b1438: {_variant = {type =
NPVariantType_Null, value = {boolValue = false, intValue = 0, doubleValue = 0,
stringValue = {
        UTF8Characters = 0x0, UTF8Length = 11}, objectValue = 0x0}}}





    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?36002>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/

[Prev in Thread]

Current Thread

[Next in Thread]

[Gnash-commit] [bug #36002] plugin crash (basic_string::_S_construct null not valid) on squidoo.com, Bastiaan Jacques <=
- [Gnash-commit] [bug #36002] plugin crash (basic_string::_S_construct null not valid) on squidoo.com, Bastiaan Jacques, 2012/03/25

Prev by Date: [Gnash-commit] [bug #35635] jemalloc.c uses faulty memory management
Next by Date: [Gnash-commit] [bug #36002] plugin crash (basic_string::_S_construct null not valid) on squidoo.com
Previous by thread: [Gnash-commit] [bug #35635] jemalloc.c uses faulty memory management
Next by thread: [Gnash-commit] [bug #36002] plugin crash (basic_string::_S_construct null not valid) on squidoo.com
Index(es):
- Date
- Thread