  ID Type  Status  Priority  Milestone  Owner  Summary + Labels
  43 ---- Fixed ---- ---- cevans@google.com Flash leak of uninitialized data whilst rendering JPEGs  
  44 ---- Fixed ---- ---- cevans@google.com Flash leak of uninitialized data whilst rendering a 2-component JPEG  
  45 ---- Fixed ---- ---- cevans@google.com Flash leak of uninitialized memory when rendering valid(?) 1bpp image  
  46 ---- Fixed ---- ---- cevans@google.com Flash heap buffer overflow calling copyPixelsToByteArray() on a large ByteArray CCProjectZeroMembers  
  47 ---- Fixed ---- ---- cevans@google.com Flash leak of uninitialized data when image zlib stream ends prematurely CCProjectZeroMembers  
  48 ---- Fixed ---- ---- cevans@google.com Flash leak of uninitialized data when JPEG image alpha channel zlib stream ends prematurely CCProjectZeroMembers  
  71 ---- Fixed ---- ---- cevans@google.com Flash out-of-bounds read in uploadCompressedTextureFromByteArray() CCProjectZeroMembers  
  75 ---- Fixed ---- ---- cevans@google.com Flash out-of-bounds read with empty ID3 tag CCProjectZeroMembers  
  76 ---- Fixed ---- ---- cevans@google.com Flash memory corruption (double free?) with RTMP packet that aborts itself CCProjectZeroMembers  
  78 ---- Fixed ---- ---- cevans@google.com Flash memory corruption (integer overflow?) concatenating strings to ~4GB in size CCProjectZeroMembers  
  79 ---- Fixed ---- ---- cevans@google.com Flash out-of-bounds read with large string length in RTMP packet CCProjectZeroMembers  
  82 ---- Fixed ---- ---- cevans@google.com Flash out-of-bounds read in uploadCompressedTextureFromByteArray() [CubeTexture variant] CCProjectZeroMembers  
  88 ---- Fixed ---- ---- cevans@google.com Linux kernel stack overflow when mounting ISO9660 image, including via a USB stick CCProjectZeroMembers  
  122 ---- Fixed ---- ---- cevans@google.com Flash memory corruption in the G711 codec with 4-byte samples CCProjectZeroMembers  
  124 ---- Fixed ---- ---- cevans@google.com Flash memory corruption when upper casing malformed Unicode CCProjectZeroMembers  
  125 ---- Fixed ---- ---- cevans@google.com Flash corruption after corrupting pre-validated bytecode CCProjectZeroMembers  
  131 ---- Fixed ---- ---- cevans@google.com Flash write crash at NULL + 0x2b288 (on 64-bit) CCProjectZeroMembers  
  165 ---- Fixed ---- ---- cevans@google.com UaF on Adobe's Flash CCProjectZeroMembers  
  246 ---- Fixed ---- ---- cevans@google.com Flash: out-of-bounds write with mp4 file missing a track CCProjectZeroMembers  
  251 ---- Fixed ---- ---- cevans@google.com Flash: memory corruption with mp4 file with lots of "trex" tags CCProjectZeroMembers  
  253 ---- Fixed ---- ---- cevans@google.com Flash: out-of-bounds write with mp4 file missing a track (alternate mp4 parser) CCProjectZeroMembers  
  256 ---- Fixed ---- ---- cevans@google.com Flash: memory corruption with -1 length string in titl tag CCProjectZeroMembers  
  261 ---- Fixed ---- ---- cevans@google.com Flash: memory corruption with large mp4 atom sizes CCProjectZeroMembers  
  264 ---- Fixed ---- ---- cevans@google.com Flash: memory corruption with excessive CEA-708 data block length CCProjectZeroMembers  
  265 ---- Fixed ---- ---- cevans@google.com Flash: memory corruption with CEA-708 screen cursor going off-screen CCProjectZeroMembers  
  266 ---- Fixed ---- ---- cevans@google.com Flash: memory corruption with large length in EAC3 packet CCProjectZeroMembers  
  268 ---- Fixed ---- ---- cevans@google.com Flash: memory corruption with excessive dimensions in H264 CCProjectZeroMembers  
  276 ---- Fixed ---- ---- cevans@google.com Flash: not great ASLR for the Flash heap on Win7 64-bit CCProjectZeroMembers  
  300 ---- Fixed ---- ---- cevans@google.com Adobe Flash: buffer overflow in Sound.extract() CCProjectZeroMembers  
  318 ---- Fixed ---- ---- cevans@google.com Flash: memory corruption with ShaderJob width and height TOCTOU condition CCProjectZeroMembers  
  319 ---- Fixed ---- ---- cevans@google.com Flash: uninitialized memory information leak when shading into a ByteArray CCProjectZeroMembers  
  322 ---- Fixed ---- ---- cevans@google.com Flash: info leak due to uninitialized registers when executing Shaders CCProjectZeroMembers  
  323 ---- Fixed ---- ---- cevans@google.com Flash: integer overflow / memory corruption with excessive number of shader input channels CCProjectZeroMembers  
  324 ---- Fixed ---- ---- cevans@google.com Flash: out-of-bounds write in ShaderParameter resolution CCProjectZeroMembers  
  361 ---- Fixed ---- ---- mjurczyk@google.com Adobe Flash out-of-bounds memory read while parsing a mutated SWF file CCProjectZeroMembers  
  362 ---- Fixed ---- ---- mjurczyk@google.com Adobe Flash out-of-bounds memory read while parsing a mutated SWF file CCProjectZeroMembers  
  363 ---- Fixed ---- ---- mjurczyk@google.com Adobe Flash out-of-bounds memory read while parsing a mutated TTF file embedded in SWF CCProjectZeroMembers  
  375 ---- Fixed ---- ---- cevans@google.com Flash: uninitialized memory information leak when shading into a ByteArray (#2) CCProjectZeroMembers  
  378 ---- Fixed ---- ---- cevans@google.com Flash: out-of-bounds read in UTF conversion CCProjectZeroMembers  
  396 ---- Fixed ---- ---- cevans@google.com Flash: wild pointer crash in drawing and bitmap handling CCProjectZeroMembers  
  397 ---- Fixed ---- ---- cevans@google.com Flash: wild pointer crash after continuing slow script CCProjectZeroMembers  
  398 ---- Fixed ---- ---- cevans@google.com Flash: bad dereference at 0x23c on Linux x64 CCProjectZeroMembers  
  399 ---- Fixed ---- ---- cevans@google.com Flash: wild pointer in button handling CCProjectZeroMembers  
  400 ---- Fixed ---- ---- cevans@google.com Flash: wild pointer crash in XML handling CCProjectZeroMembers  
  404 ---- Fixed ---- ---- cevans@google.com Flash: bad / wild write in XML when callback modifies XML tree unexpectedly during property delete CCProjectZeroMembers  
  425 ---- Fixed ---- ---- cevans@google.com Flash: heap-based buffer overflow loading FLV file with Nellymoser audio codec CCProjectZeroMembers  
  426 ---- Fixed ---- ---- cevans@google.com Flash: heap-based buffer overflow due to indexing error when loading FLV file CCProjectZeroMembers  
  432 ---- Duplicate ---- ---- hawkes@google.com Flash: wild read on audio thread CCProjectZeroMembers  
  438 ---- Fixed ---- ---- hawkes@google.com Flash: use-after-free in video decoding CCProjectZeroMembers  
  446 ---- Fixed ---- ---- hawkes@google.com Flash: wild pointer 0x1808121a502959a4 decoding h.264 CCProjectZeroMembers  
  447 ---- Fixed ---- ---- hawkes@google.com Flash: corrupt stack leading to misaligned XMM instruction decoding h.264 CCProjectZeroMembers  
  448 ---- Fixed ---- ---- hawkes@google.com Flash: out-of-bounds crash due to negative table indexing error loading 8-byte wide value CCProjectZeroMembers  
  449 ---- Fixed ---- ---- hawkes@google.com Flash: out-of-bounds read in AAC audio handling CCProjectZeroMembers  
  450 ---- Fixed ---- ---- hawkes@google.com Flash: information leak into video canvas; rendering of non-deterministic content that apparently contains pointers CCProjectZeroMembers  
  452 ---- Fixed ---- ---- hawkes@google.com Flash: wild write at 0x453b0cf0 in color conversion CCProjectZeroMembers  
  482 ---- Fixed ---- ---- cevans@google.com Flash: bypass of Vector.<uint> length vs. cookie validation CCProjectZeroMembers  
  503 ---- Fixed ---- ---- hawkes@google.com libstagefright integer overflow and heap corruption with saio tag CCProjectZeroMembers