Skip to content

Security contact for reproducible memory-safety issue in FLV video tag parsing #118

Description

@damseleng

Hello,

I have identified a reproducible memory-safety issue in WXInlinePlayer, reachable through the FLV demuxing / video tag parsing path when processing malformed local FLV input data.

I would prefer not to disclose the minimized input or detailed sanitizer output publicly before the maintainer has had a chance to review it.

Is there a preferred private security contact, email address, or disclosure route for this project?

I can provide:

  • minimized malformed FLV input
  • ASan/UBSan crash log
  • affected commit information
  • clean-checkout reproduction steps
  • a small standalone C++ reproducer using the demuxer Decoder::decode() path
  • source-level root cause notes
  • suggested fix direction

Best regards,
Yukimura

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions