[webkit-changes] [WebKit/WebKit] 5c059a: CDMPrivateFairPlayStreaming parsing of WebCore::IS...
Arunsundar Kannan
noreply at github.com
Mon May 22 13:39:58 PDT 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 5c059ab32c26d642874354e3be0f8802d8e71e1b
https://github.com/WebKit/WebKit/commit/5c059ab32c26d642874354e3be0f8802d8e71e1b
Author: Arunsundar Kannan <arunsundar_kannan at apple.com>
Date: 2023-05-22 (Mon, 22 May 2023)
Changed paths:
A LayoutTests/http/tests/media/fairplay/fps-init-data-sinf-oob-crash-expected.txt
A LayoutTests/http/tests/media/fairplay/fps-init-data-sinf-oob-crash.html
M Source/WebCore/platform/graphics/iso/ISOTrackEncryptionBox.cpp
Log Message:
-----------
CDMPrivateFairPlayStreaming parsing of WebCore::ISOTrackEncryptionBox can lead to a heap-buffer-overflow.
https://bugs.webkit.org/show_bug.cgi?id=254781.
rdar://103849722
Reviewed by Jer Noble.
WebCore::ISOTrackEncryptionBox::parse() is missing basic bounds checking before memcpy. This change add the check.
* LayoutTests/http/tests/media/fairplay/fps-init-data-sinf-oob-crash-expected.txt: Added.
* LayoutTests/http/tests/media/fairplay/fps-init-data-sinf-oob-crash.html: Added.
* Source/WebCore/platform/graphics/iso/ISOTrackEncryptionBox.cpp:
(WebCore::ISOTrackEncryptionBox::parse):
Originally-landed-as: 259548.536 at safari-7615-branch (8320a5247c74). rdar://103849722
Canonical link: https://commits.webkit.org/264364@main
More information about the webkit-changes
mailing list