Firefox unaligned access fix
Christian Weisgerber
naddy at freebsd.org
Fri Jan 28 22:39:18 UTC 2011
I think we want this fix for Firefox 3.5/3.6 and related ports:
https://hg.mozilla.org/mozilla-central/raw-rev/e8207773d54d
Now, I don't have a sparc64 running FreeBSD, but this is hardly
OS-dependent, and on OpenBSD/sparc64 I see crashes with SIGBUS when
accessing
http://www.heise.de/netze/
Something on that page causes parsing of a malformed(?) ICC profile
which causes this unaligned access:
#0  0x000000021207cd68 in read_u32 (mem=0xfffffffffffd22f0, offset=535)
    at iccread.c:90
90          return be32_to_cpu(*(__be32*)(mem->buf + offset));
(gdb) p mem->buf + offset
$1 = (const unsigned char *) 0x2258f85b7 "XYZ "
(gdb) bt
#0  0x000000021207cd68 in read_u32 (mem=0xfffffffffffd22f0, offset=535)
    at iccread.c:90
#1  0x000000021207cee0 in read_tag_XYZType (src=0xfffffffffffd22f0, index=
      {count = 17, tags = 0x225692100}, tag_id=Variable "tag_id" is not available.
) at iccread.c:322
#2  0x000000021207d6b8 in qcms_profile_from_memory (mem=Variable "mem" is not available.
) at iccread.c:708
#3  0x0000000210d28250 in nsJPEGDecoder::ProcessData (this=0x200a4f800,
data=0x209c18ff8 "\002*5*h*\233*+\002+6+i+\235+,\005,9,n,,-\f-A-v--.\026.L.\202../$/Z/\221//050l001\0221J1\202112*2c2\23323\r3F3\177334+4e4\23645\0235M5\20755676r667$7`7\23478\0248P8\21489\0059B9\17799:6:t::;-;k;;<'<e<<=\"=a==> >`>>?!?a??@#@d@"..., count=4096,
    writeCount=0xfffffffffffd27c8) at nsJPEGDecoder.cpp:339
[...]
--
Christian "naddy" Weisgerber naddy at mips.inka.de
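
Added example (not part of the original message and not the Mozilla changeset): the cast pattern seen at iccread.c:90 next to an alignment-safe, bounds-checked big-endian read. The struct and function names are hypothetical, and the sample buffer is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for the profile buffer; not the qcms struct. */
struct icc_buf {
    const unsigned char *buf;
    size_t size;
    int valid;              /* cleared on any out-of-range read */
};

/* Shape of the faulting line 90: dereferences a 4-byte type at an
 * arbitrary byte offset. SIGBUS on strict-alignment CPUs such as sparc64.
 * Shown for comparison only; never called below. */
uint32_t read_u32_cast(const struct icc_buf *m, size_t offset)
{
    return *(const uint32_t *)(m->buf + offset);   /* raw big-endian word */
}

/* Alignment-safe: copy the bytes out, then assemble big-endian. */
uint32_t read_u32_safe(struct icc_buf *m, size_t offset)
{
    unsigned char b[4];

    /* Compare against size - 4 so a huge offset cannot wrap. */
    if (m->size < 4 || offset > m->size - 4) {
        m->valid = 0;
        return 0;
    }
    memcpy(b, m->buf + offset, sizeof b);
    return ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) |
           ((uint32_t)b[2] << 8)  |  (uint32_t)b[3];
}

/* Bytes past the previous 4-byte boundary; non-zero means misaligned. */
unsigned misalign4(uintptr_t addr) { return (unsigned)(addr & 3u); }

/* Constructed sample: "XYZ " type signature placed at odd offset 3. */
static const unsigned char sample[] = { 0, 0, 0, 'X', 'Y', 'Z', ' ', 0, 0 };

int main(void)
{
    struct icc_buf m = { sample, sizeof sample, 1 };
    uint32_t sig = read_u32_safe(&m, 3);          /* 0x58595A20 */
    uint32_t bad = read_u32_safe(&m, (size_t)-1); /* rejected, returns 0 */
    return !(sig == 0x58595A20u && bad == 0 && m.valid == 0);
}
```

The address gdb printed above, 0x2258f85b7, sits 3 bytes past a 4-byte boundary, which is why the cast faults on sparc64 while the byte-copy form does not care.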
More information about the freebsd-gecko mailing list