[webkit-changes] [WebKit/WebKit] 9d7925: CDMPrivateFairPlayStreaming parsing of WebCore::IS...

Arunsundar Kannan noreply at github.com
Mon May 22 13:50:09 PDT 2023


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 9d792587594f2ea0714bdf233d63c6dbf7e060d1
      https://github.com/WebKit/WebKit/commit/9d792587594f2ea0714bdf233d63c6dbf7e060d1
  Author: Arunsundar Kannan <arunsundar_kannan at apple.com>
  Date:   2023-05-22 (Mon, 22 May 2023)

  Changed paths:
    A LayoutTests/http/tests/media/fairplay/fps-init-data-cenc-oob-crash-expected.txt
    A LayoutTests/http/tests/media/fairplay/fps-init-data-cenc-oob-crash.html
    M Source/WebCore/platform/graphics/avfoundation/ISOFairPlayStreamingPsshBox.cpp

  Log Message:
  -----------
  CDMPrivateFairPlayStreaming parsing of WebCore::ISOFairPlayStreamingKeyRequestInfoBox can trigger an OOB read.
https://bugs.webkit.org/show_bug.cgi?id=255075
rdar://103843976

Reviewed by Jer Noble.

ISOFairPlayStreamingKeyRequestInfoBox::parse is missing basic bounds checking before memcpy. This change adds the check.

* LayoutTests/http/tests/media/fairplay/fps-init-data-cenc-oob-crash-expected.txt: Added.
* LayoutTests/http/tests/media/fairplay/fps-init-data-cenc-oob-crash.html: Added.
* Source/WebCore/platform/graphics/avfoundation/ISOFairPlayStreamingPsshBox.cpp:
(WebCore::ISOFairPlayStreamingKeyRequestInfoBox::parse):
(WebCore::ISOFairPlayStreamingKeyAssetIdBox::parse):
(WebCore::ISOFairPlayStreamingKeyContextBox::parse):

Originally-landed-as: 259548.588 at safari-7615-branch (3f8875488cf5). rdar://103843976
Canonical link: https://commits.webkit.org/264369@main



