[Gnash-commit] [bug #36002] plugin crash (basic_string::_S_construct nul
From: Bastiaan Jacques
Subject: [Gnash-commit] [bug #36002] plugin crash (basic_string::_S_construct null not valid) on squidoo.com
Date: Sun, 25 Mar 2012 22:10:35 +0000
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:11.0) Gecko/20100101 Firefox/11.0
URL:
<http://savannah.gnu.org/bugs/?36002>
Summary: plugin crash (basic_string::_S_construct null not
valid) on squidoo.com
Project: Gnash - The GNU Flash player
Submitted by: bjacques
Submitted on: Mon 26 Mar 2012 12:10:34 AM CEST
Category: plugin
Severity: 6 - Security
Release: master
Status: Confirmed
Privacy: Public
Assigned to: bjacques
Open/Closed: Open
Discussion Lock: Any
_______________________________________________________
Details:
STR:
1. Visit http://www.squidoo.com/kitchen-blinds
2. (If you're using a click-to-play setting): Play the Flash movie directly
under 'kitchen Window Blinds Flickr Photos'.
3. Observe Firefox segfault, or plugin-container if using a recent Firefox:
terminate called after throwing an instance of 'std::logic_error'
what(): basic_string::_S_construct null not valid
Downstream bug URL: https://bugzilla.redhat.com/show_bug.cgi?id=672745
Terminal output suggests std::string constructor is being fed a NULL pointer.
The backtrace from the RH Bugzilla points to
nsPluginInstance::processPlayerRequest(). A casual reading of that function
suggests API misuse: calling NPVARIANT_TO_STRING() on an NPVariant without
checking whether that NPVariant is actually a string.
Gdb appears to confirm that suspicion:
#12 0x00007f6eaf73df47 in gnash::nsPluginInstance::processPlayerRequest (this=0x7f6eb7038900) at ../../../gnash/plugin/npapi/plugin.cpp:834
834         invoke->args[1].get()));
(gdb) p invoke->args[1]
$3 = (gnash::GnashNPVariant &) @0x7f6eb70b1438: {_variant = {type = NPVariantType_Null, value = {boolValue = false, intValue = 0, doubleValue = 0, stringValue = {UTF8Characters = 0x0, UTF8Length = 11}, objectValue = 0x0}}}
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?36002>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
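
The missing type check described in the report, shown as an added example that is not part of the original message or of Gnash's source. The structs are stand-ins mirroring the NPAPI NPVariant layout so the block builds without the SDK headers; `variantToString` and `nullVariantFromReport` are hypothetical names, and the string value in `main` is constructed.

```cpp
// Added example, not Gnash code. The types below are stand-ins that mirror
// NPAPI's NPVariant layout so the block builds without the browser SDK.
#include <cstdint>
#include <iostream>
#include <string>

enum NPVariantType { NPVariantType_Void, NPVariantType_Null, NPVariantType_Bool,
                     NPVariantType_Int32, NPVariantType_Double,
                     NPVariantType_String, NPVariantType_Object };
struct NPString { const char* UTF8Characters; uint32_t UTF8Length; };
struct NPVariant {
    NPVariantType type;
    union { bool boolValue; int32_t intValue; double doubleValue;
            NPString stringValue; void* objectValue; } value;
};

// Hypothetical helper: copies the payload into `out` only when the variant is
// tagged as a string and carries a buffer. `out` is untouched on failure.
bool variantToString(const NPVariant& v, std::string& out)
{
    if (v.type != NPVariantType_String) return false;  // check the tag first
    const NPString& s = v.value.stringValue;
    if (!s.UTF8Characters) return false;  // tagged string but no buffer: reject
    // Length-bounded copy; do not rely on a terminating NUL.
    out.assign(s.UTF8Characters, s.UTF8Length);
    return true;
}

// Constructed sample with the values gdb printed for invoke->args[1].
NPVariant nullVariantFromReport()
{
    NPVariant v{};
    v.type = NPVariantType_Null;
    v.value.stringValue = NPString{nullptr, 11};
    return v;
}

int main()
{
    std::string out;
    NPVariant bad = nullVariantFromReport();
    std::cout << (variantToString(bad, out) ? "string" : "rejected") << '\n';
    NPVariant ok{};
    ok.type = NPVariantType_String;
    ok.value.stringValue = NPString{"getURL-extra", 6};  // constructed value
    if (variantToString(ok, out)) std::cout << out << '\n';
}
```

The caller decides what a rejected variant means (drop the request, log it, or substitute a default); the point is that the union member is never read before the type tag is checked.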