[webkit-changes] [WebKit/WebKit] 211a03: Don't reserve vector capacity <= 0 in ISOTrackEncr...
Chirag Shah
noreply at github.com
Thu Jun 15 21:20:29 PDT 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 211a030a510d221c9286ee7a4166dddf79e352e0
https://github.com/WebKit/WebKit/commit/211a030a510d221c9286ee7a4166dddf79e352e0
Author: Chirag M Shah <chirag_m_shah at apple.com>
Date: 2023-06-15 (Thu, 15 Jun 2023)
Changed paths:
M Source/WebCore/platform/graphics/iso/ISOTrackEncryptionBox.cpp
Log Message:
-----------
Don't reserve vector capacity <= 0 in ISOTrackEncryptionBox::parsePayload
https://bugs.webkit.org/show_bug.cgi?id=258156
rdar://110421682
Reviewed by Andy Estes.
This change fixes an issue where we read something which is < 0 in an
int8_t and then pass it to a size_t, which results in a crash because we
attempt to allocate a huge buffer due to sign conversion.
* Source/WebCore/platform/graphics/iso/ISOTrackEncryptionBox.cpp:
(WebCore::ISOTrackEncryptionBox::parsePayload):
Canonical link: https://commits.webkit.org/265227@main
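
An added example (not WebKit's code and not part of this commit) of the failure mode the log message describes: a negative `int8_t` length converted to `size_t`, next to a parser that rejects lengths <= 0 before reserving. The field layout and the names `widenedLength` and `parseSizedField` are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// The value a signed 8-bit length becomes when passed to a size_t parameter
// such as std::vector::reserve(): -1 converts to SIZE_MAX.
size_t widenedLength(int8_t rawLength)
{
    return static_cast<size_t>(rawLength);
}

// Hypothetical field layout (an assumption, not the ISO box format):
// one signed length byte followed by that many payload bytes.
// Returns false, without allocating, for a length <= 0 or one that
// runs past the end of the input.
bool parseSizedField(const uint8_t* data, size_t size, std::vector<uint8_t>& out)
{
    if (!data || size < 1)
        return false;

    int8_t rawLength = static_cast<int8_t>(data[0]);
    if (rawLength <= 0)
        return false; // a negative value never reaches reserve()

    size_t length = static_cast<size_t>(rawLength);
    if (length > size - 1)
        return false; // declared length exceeds the bytes actually present

    out.clear();
    out.reserve(length);
    out.assign(data + 1, data + 1 + length);
    return true;
}

int main()
{
    // Constructed sample inputs.
    const uint8_t valid[] = { 0x03, 0xAA, 0xBB, 0xCC };
    const uint8_t negative[] = { 0xF0, 0x00 }; // 0xF0 reads as -16
    std::vector<uint8_t> field;

    std::printf("-16 as size_t: %zu\n", widenedLength(-16));
    std::printf("valid: %d\n", parseSizedField(valid, sizeof(valid), field));
    std::printf("negative: %d\n", parseSizedField(negative, sizeof(negative), field));
    return 0;
}
```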