[webkit-changes] [WebKit/WebKit] 46ea28: [GPUP][CoreIPC] Integer overflow in SharedVideoFra...
youennf
noreply at github.com
Mon May 22 13:55:03 PDT 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 46ea28d672831cac886966dd100c4bfe4d9ae418
https://github.com/WebKit/WebKit/commit/46ea28d672831cac886966dd100c4bfe4d9ae418
Author: Youenn Fablet <youennf at gmail.com>
Date: 2023-05-22 (Mon, 22 May 2023)
Changed paths:
A LayoutTests/ipc/shared-video-frame-size-expected.txt
A LayoutTests/ipc/shared-video-frame-size.html
M Source/WebCore/platform/cocoa/SharedVideoFrameInfo.mm
Log Message:
-----------
[GPUP][CoreIPC] Integer overflow in SharedVideoFrameInfo::storageSize leading to OOB read
rdar://107023292
Reviewed by Eric Carlson.
Compute with safeMultiply/safeAdd the total size of the frame.
If there is an overflow, we now fail the decoding of SharedVideoFrameInfo.
Covered by provided IPC test.
* LayoutTests/ipc/shared-video-frame-size-expected.txt: Added.
* LayoutTests/ipc/shared-video-frame-size.html: Added.
* Source/WebCore/platform/cocoa/SharedVideoFrameInfo.mm:
(WebCore::SharedVideoFrameInfo::storageSize const):
(WebCore::SharedVideoFrameInfo::decode):
Originally-landed-as: 259548.597 at safari-7615-branch (7811f6f9e18f). rdar://107023292
Canonical link: https://commits.webkit.org/264371@main
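
The pattern the log message describes (checked multiply/add for the frame size, with decoding failing on overflow), as an added example that is not the WebKit code from this commit. The `FrameInfo` struct, its fields, `kHeaderSize` and the function bodies are assumptions made for illustration, and the GCC/Clang overflow builtins stand in for the checked-arithmetic helpers the message names.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <optional>

// Hypothetical two-plane frame description as it might arrive over IPC.
// Every field is sender-controlled and must be treated as untrusted.
struct FrameInfo {
    uint32_t width, height, bytesPerRow;      // plane A
    uint32_t heightPlaneB, bytesPerRowPlaneB; // plane B (0 if absent)
};

constexpr uint32_t kHeaderSize = 32; // constructed value for this example

// "Before" shape: 32-bit products and sums wrap silently.
uint32_t storageSizeUnchecked(const FrameInfo& f)
{
    return kHeaderSize + f.bytesPerRow * f.height + f.bytesPerRowPlaneB * f.heightPlaneB;
}

// "After" shape: every multiply and add is checked; overflow yields nullopt.
std::optional<size_t> storageSizeChecked(const FrameInfo& f)
{
    uint32_t planeA, planeB, total;
    if (__builtin_mul_overflow(f.bytesPerRow, f.height, &planeA)
        || __builtin_mul_overflow(f.bytesPerRowPlaneB, f.heightPlaneB, &planeB)
        || __builtin_add_overflow(planeA, planeB, &total)
        || __builtin_add_overflow(total, kHeaderSize, &total))
        return std::nullopt;
    return total;
}

// Decoding fails if the size overflows or exceeds the backing buffer.
std::optional<FrameInfo> decode(const FrameInfo& wire, size_t bufferSize)
{
    auto size = storageSizeChecked(wire);
    if (!size || *size > bufferSize)
        return std::nullopt;
    return wire;
}

int main()
{
    FrameInfo ok { 640, 480, 640, 240, 640 };
    FrameInfo bad { 65536, 65537, 65536, 0, 0 }; // 65536 * 65537 wraps to 65536 in 32 bits
    std::printf("ok:  unchecked=%u decoded=%d\n", storageSizeUnchecked(ok), decode(ok, 1 << 20).has_value());
    std::printf("bad: unchecked=%u decoded=%d\n", storageSizeUnchecked(bad), decode(bad, 1 << 20).has_value());
}
```

With the unchecked version the wrapped size looks small enough to pass a bounds comparison against the buffer, which is why the check has to happen inside the size computation rather than after it.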