CVE-2007-4559 Patch #3
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
aosmond
pushed a commit
to aosmond/gecko
that referenced
this pull request
Aug 29, 2023
Upstream commit: https://webrtc.googlesource.com/src/+/f0d954f659a77b214b0ff177e6f66bad1d626423 [M115] Fix L1Tx target bitrate bug when the standard API is used. There are now multiple ways to configure VP9 L1Tx: - Legacy API: configure legacy SVC and disable encodings, this gets interpreted as disabling spatial layers (non-standard API hack). - Standard API: configure scalability_mode. This can be done either with a single encoding or multiple encodings. As long as only one encoding is active we get a single L1Tx ssrc, same as legacy API. Due to a bug, the ApplySpatialLayerBitrateLimits() logic which tweaks bitrates was only applied in the legacy API code path, not the standard API code path, despite both code paths configuring L1Tx. The issue is that IsSimulcastOrMultipleSpatialLayers() was checking if `number_of_streams == 1`. This is true in legacy code path but not standard code path. The fix is to look at `numberOfSimulcastStreams == 1` instead, which is set to the correct value regardless of code path used. This CL adds comments documenting the difference between `number_of_streams` and `numberOfSimulcastStreams` to reduce the risk of more mistakes like this in the future. (cherry picked from commit 2fec64484f0c1355db1dde236c3c205985a30a30) Bug: chromium:1455039, b:279161263 Change-Id: I69789b68cc5d45ef1b3becd310687c8dec8e7c87 Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/308722 Reviewed-by: Ilya Nikolaevskiy <ilnik@webrtc.org> Commit-Queue: Henrik Boström <hbos@webrtc.org> Reviewed-by: Erik Språng <sprang@webrtc.org> Cr-Original-Commit-Position: refs/heads/main@{#40287} Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/308920 Cr-Commit-Position: refs/branch-heads/5790@{mykmelez#3} Cr-Branched-From: 2eacbbc03a4a41ea658661225eb1c8fc07884c33-refs/heads/main@{#40122}
aosmond
pushed a commit
to aosmond/gecko
that referenced
this pull request
Sep 27, 2023
…cuts as soft navigation triggers, a=testonly Automatic update from web-platform-tests [soft navigations] Enable keyboard shortcuts as soft navigation triggers Following the discussion on issue mykmelez#3 [1], this CL adds support to soft navigations triggered by keyboard shortcuts, by adding unfocused keydown events to the events that can trigger the soft navigation heuristic. [1] WICG/soft-navigations#3 Bug: 1478772 Change-Id: Ib423a3cfc09eaf4dd9a2221b3494ab1016fa8668 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4839506 Commit-Queue: Yoav Weiss <yoavweiss@chromium.org> Reviewed-by: Ian Clelland <iclelland@chromium.org> Cr-Commit-Position: refs/heads/main@{#1193004} -- wpt-commits: 7f165f11361b86ef41b123dbc904ccee26d5f025 wpt-pr: 41816
aosmond
pushed a commit
to aosmond/gecko
that referenced
this pull request
Oct 14, 2023
…rd shortcuts as soft navigation triggers, a=testonly Automatic update from web-platform-tests Reland: [soft navigations] Enable keyboard shortcuts as soft navigation triggers Following the discussion on issue mykmelez#3 [1], this CL adds support to soft navigations triggered by keyboard shortcuts, by adding unfocused keydown events to the events that can trigger the soft navigation heuristic. This is a reland of [2], rebased and which fixes the unguarded ScriptState access in event_dispatcher, which caused a crash. [1] WICG/soft-navigations#3 [2] https://chromium-review.googlesource.com/c/chromium/src/+/4839506 Bug: 1478772, 1480047 Change-Id: I6428e0635222366d880dd908f04f2273b6bf8b44 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4900577 Reviewed-by: Ian Clelland <iclelland@chromium.org> Commit-Queue: Yoav Weiss <yoavweiss@chromium.org> Cr-Commit-Position: refs/heads/main@{#1203903} -- wpt-commits: 04ab10bfca7454a6f6d968cb6c9c697fcdea9de2 wpt-pr: 42213
aosmond
pushed a commit
to aosmond/gecko
that referenced
this pull request
Aug 8, 2024
Upstream commit: https://webrtc.googlesource.com/src/+/876d0c9881eab8e7f8389812eb3738bdd374aa22 Fix use-of-uninitialized-value in NetEq tests. The new version of MSan (rolled by [1]) detects the following: ``` ==39908==WARNING: MemorySanitizer: use-of-uninitialized-value #0 0x5591400a52ef in GetPlayoutDelayMs ./../../modules/audio_coding/neteq/decision_logic.cc:466:35 mykmelez#1 0x5591400a52ef in webrtc::DecisionLogic::ExpectedPacketAvailable(webrtc::NetEqController::NetEqStatus) ./../../modules/audio_coding/neteq/decision_logic.cc:311:36 mykmelez#2 0x5591400a39e9 in webrtc::DecisionLogic::GetDecision(webrtc::NetEqController::NetEqStatus const&, bool*) ./../../modules/audio_coding/neteq/decision_logic.cc:0:0 mykmelez#3 0x55913cf590c9 in webrtc::DecisionLogicTest_PreemptiveExpand_Test::TestBody() ./../../modules/audio_coding/neteq/decision_logic_unittest.cc:139:3 #4 0x55913ef28283 in HandleExceptionsInMethodIfSupported<testing::Test, void> ./../../third_party/googletest/src/googletest/src/gtest.cc:0:3 #5 0x55913ef28283 in testing::Test::Run() ./../../third_party/googletest/src/googletest/src/gtest.cc:2710:5 #6 0x55913ef2ab46 in testing::TestInfo::Run() ./../../third_party/googletest/src/googletest/src/gtest.cc:2856:11 #7 0x55913ef2da34 in testing::TestSuite::Run() ./../../third_party/googletest/src/googletest/src/gtest.cc:3034:30 #8 0x55913ef621e8 in testing::internal::UnitTestImpl::RunAllTests() ./../../third_party/googletest/src/googletest/src/gtest.cc:5964:44 #9 0x55913ef60f54 in HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool> ./../../third_party/googletest/src/googletest/src/gtest.cc:0:0 #10 0x55913ef60f54 in testing::UnitTest::Run() ./../../third_party/googletest/src/googletest/src/gtest.cc:5543:10 #11 0x55913ee1a944 in RUN_ALL_TESTS ./../../third_party/googletest/src/googletest/include/gtest/gtest.h:2334:73 #12 0x55913ee1a944 in webrtc::(anonymous namespace)::TestMainImpl::Run(int, char**) ./../../test/test_main_lib.cc:203:21 #13 0x55913cbd36b8 in main ./../../test/test_main.cc:72:16 #14 0x7fdb18c73082 in __libc_start_main /build/glibc-LcI20x/glibc-2.31/csu/../csu/libc-start.c:308:16 #15 0x55913cb3e1a9 in _start ??:0:0 ``` [1] - https://webrtc-review.googlesource.com/c/src/+/353620 Bug: b/344970813 Change-Id: I9b5d7791e68b4c494168ba9f007a3099ae21fed4 Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/353581 Auto-Submit: Mirko Bonadei <mbonadei@webrtc.org> Reviewed-by: Jakob Ivarsson <jakobi@webrtc.org> Commit-Queue: Jakob Ivarsson <jakobi@webrtc.org> Cr-Commit-Position: refs/heads/main@{#42433}
aosmond
pushed a commit
to aosmond/gecko
that referenced
this pull request
Sep 5, 2024
Upstream commit: https://webrtc.googlesource.com/src/+/f237dc146debcfde3d70038c2b66f71bfea8d24b [M128] Ensure calls to QP convergence controller are on the same sequence The original CL overlooked the possibility that the encoder may be reconfigured in the middle of a stream. Restructure the code so that all calls to QP convergence controller happen on the encoder queue. A side effect of this CL is that `EncodedImage::SetAtTargetQuality()` is never called. The information is supplied to the frame cadence adapter directly without this intermediate step. `EncodedImage::SetAtTargetQuality()` and `EncodedImage::IsAtTargetQuality()` are being marked as deprecated in https://webrtc-review.googlesource.com/c/src/+/359660. (cherry picked from commit b47cd6fbe315690756f2f03e7658d4e26fe27b1e) Bug: chromium:359410061 Change-Id: I941b5f60b1a9fd7694dbedf2f3e4ff5253ccf357 Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/359640 Commit-Queue: Johannes Kron <kron@webrtc.org> Reviewed-by: Ilya Nikolaevskiy <ilnik@webrtc.org> Reviewed-by: Markus Handell <handellm@webrtc.org> Cr-Original-Commit-Position: refs/heads/main@{#42788} No-Try: true Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/360240 Cr-Commit-Position: refs/branch-heads/6613@{mykmelez#3} Cr-Branched-From: 1ac162ee20a214bf97f6594a7effcbbc21f1effb-refs/heads/main@{#42664}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Patching CVE-2007-4559
Hi, we are security researchers from the Advanced Research Center at Trellix. We have began a campaign to patch a widespread bug named CVE-2007-4559. CVE-2007-4559 is a 15 year old bug in the Python tarfile package. By using extract() or extractall() on a tarfile object without sanitizing input, a maliciously crafted .tar file could perform a directory path traversal attack. We found at least one unsantized extractall() in your codebase and are providing a patch for you via pull request. The patch essentially checks to see if all tarfile members will be extracted safely and throws an exception otherwise. We encourage you to use this patch or your own solution to secure against CVE-2007-4559. Further technical information about the vulnerability can be found in this blog.
If you have further questions you may contact us through this projects lead researcher Kasimir Schulz.