Hello,
I have identified a reproducible memory-safety issue in WXInlinePlayer, reachable through the FLV demuxing / video tag parsing path when processing malformed local FLV input data.
I would prefer not to disclose the minimized input or detailed sanitizer output publicly before the maintainer has had a chance to review it.
Is there a preferred private security contact, email address, or disclosure route for this project?
I can provide:
- minimized malformed FLV input
- ASan/UBSan crash log
- affected commit information
- clean-checkout reproduction steps
- a small standalone C++ reproducer using the demuxer
Decoder::decode() path
- source-level root cause notes
- suggested fix direction
Best regards,
Yukimura
Hello,
I have identified a reproducible memory-safety issue in
WXInlinePlayer, reachable through the FLV demuxing / video tag parsing path when processing malformed local FLV input data.I would prefer not to disclose the minimized input or detailed sanitizer output publicly before the maintainer has had a chance to review it.
Is there a preferred private security contact, email address, or disclosure route for this project?
I can provide:
Decoder::decode()pathBest regards,
Yukimura