Flash leak of uninitialized memory when rendering valid(?) 1bpp image

Reported by cevans@google.com, Jul 14 2014
A SWF to reproduce is attached, along with source. To reproduce, host the additional resource SWF "imglossless1bpp.swf" on the same web server / directory as Lossless1bppLeak.swf.

This bug is a strange one. I think the 1bpp image is reasonably well-formed and valid: it has a 2-color color table (black and white), and enough image data to fill the entire 64x64 1bpp canvas. Despite this, a multi-color image is rendered, which clearly contains some uninitialized data. Maybe 1bpp image support is broken? I'm not really sure what's going on other than the definite observation of uninitialized memory content leaking to script.

A screenshot is attached for convenience.
Comment 1 by cevans@google.com, Jul 14 2014

Jul 14 2014: (test)

Aug 21 2014: Bulletin: http://helpx.adobe.com/security/products/flash-player/apsb14-18.html

Aug 21 2014:
Blogged about here: http://googleprojectzero.blogspot.com/2014/08/what-does-pointer-look-like-anyway.html Marking as Fixed since the patch has been available for > 1 week.