Bug 479149 - Crash in npwrapper.so due to malloc misuse
Product: Fedora
Classification: Fedora
Component: nspluginwrapper
Hardware: All Linux
Priority: low, Severity: medium
Assigned To: Martin Stransky
QA Contact: Fedora Extras Quality Assurance
Reported: 2009-01-07 11:08 EST by John Sullivan
Modified: 2009-01-13 08:42 EST
Doc Type: Bug Fix
Last Closed: 2009-01-13 08:42:17 EST

Attachments
Fix for crash (319 bytes, patch)
2009-01-07 11:11 EST, John Sullivan

Description John Sullivan 2009-01-07 11:08:13 EST
Description of problem:

An rpc callback in the firefox-side wrapper .so uses an NPW_* function to allocate an array, but then an NPN_* function to free it. These two groups of functions use a different underlying allocator, thus malloc raises SIGABRT.

Version-Release number of selected component (if applicable):

Mon 05 Jan 2009 10:43:05 GMT  	firefox-3.0.5-1.fc9.x86_64
Fri 12 Dec 2008 13:31:30 GMT  	nspluginwrapper-1.1.10-1.fc9.x86_64
Fri 12 Dec 2008 13:31:56 GMT  	nspluginwrapper-1.1.10-1.fc9.i386
Thu 11 Dec 2008 12:26:40 GMT  	mozilla-vlc-0.9.8a-1.fc9.x86_64

How reproducible:

For me, 100%. Problem noticed on an x86_64 system running up-to-date F9 with nspluginwrapper and libvlcplugin.so (from mozilla-vlc-0.9.8a-1) installed. The above URL contains an EMBEDded Quicktime file, which attempts to load libvlcplugin.so.

Steps to Reproduce:

1. Install relevant components
2. Go to above URL

Actual results:


Expected results:

At best an embedded video player. At worst a grey rectangle.

Additional info:

Comment 1 John Sullivan 2009-01-07 11:11:27 EST
Created attachment 328396
Fix for crash

This is a quick fix for just the immediate problem.

I wouldn't be surprised if similar problems occurred elsewhere though.

Comment 2 Martin Stransky 2009-01-13 08:42:17 EST
You're right. Seems to be already fixed in 1.3.0, thanks!
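
The allocator mismatch described in this report, shown as an added example that is not part of the bug thread and is not nspluginwrapper's code. It assumes both allocator families route through one tagged wrapper over malloc; `tagged_alloc`, `tagged_free`, `TAG_NPW` and `TAG_NPN` are hypothetical names. The wrapper rejects a free from the wrong family instead of handing a foreign pointer to the underlying allocator.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical tags for the two allocator families named in the report. */
#define TAG_NPW 0x4e50572d616c6c6fULL
#define TAG_NPN 0x4e504e2d616c6c6fULL

/* 16-byte header placed in front of every block; keeps user data aligned. */
struct hdr { uint64_t tag; uint64_t size; };

static void *tagged_alloc(uint64_t tag, size_t n) {
    if (n > SIZE_MAX - sizeof(struct hdr)) return NULL;  /* size overflow */
    struct hdr *h = malloc(sizeof *h + n);
    if (!h) return NULL;
    h->tag = tag;
    h->size = n;
    return h + 1;                        /* caller sees memory after the header */
}

/* Returns 0 on success, -1 if the block belongs to the other family.
   On mismatch nothing is freed, so the heap stays consistent. */
static int tagged_free(uint64_t tag, void *p) {
    if (!p) return 0;
    struct hdr *h = (struct hdr *)p - 1;
    if (h->tag != tag) return -1;
    free(h);
    return 0;
}

/* Pattern from the report: allocate with one family, release with the other. */
int callback_mismatched(void) {
    uint32_t *ids = tagged_alloc(TAG_NPW, 4 * sizeof *ids);
    if (!ids) return -2;
    int rc = tagged_free(TAG_NPN, ids);  /* wrong family: rejected */
    tagged_free(TAG_NPW, ids);           /* release correctly so the demo does not leak */
    return rc;
}

/* Corrected pattern: the family that allocated the array also frees it. */
int callback_matched(void) {
    uint32_t *ids = tagged_alloc(TAG_NPW, 4 * sizeof *ids);
    if (!ids) return -2;
    return tagged_free(TAG_NPW, ids);
}

int main(void) {
    printf("mismatched: %d\n", callback_mismatched());
    printf("matched:    %d\n", callback_matched());
    return 0;
}
```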
