[webkit-changes] [WebKit/WebKit] b05fd5: Fix integer overflow in BitstreamReader::ReadBit c...

Commit Queue noreply at github.com
Wed Nov 1 09:41:28 PDT 2023


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: b05fd50ce4ab18d1d6ba009364bb645ea43e354c
      https://github.com/WebKit/WebKit/commit/b05fd50ce4ab18d1d6ba009364bb645ea43e354c
  Author: David Kilzer <ddkilzer at apple.com>
  Date:   2023-11-01 (Wed, 01 Nov 2023)

  Changed paths:
    M Source/ThirdParty/libwebrtc/Source/webrtc/common_video/h265/h265_sps_parser.cc
    M Source/ThirdParty/libwebrtc/Source/webrtc/rtc_base/bitstream_reader.cc
    A Source/ThirdParty/libwebrtc/WebKit/0001-Fix-integer-overflow-in-BitstreamReader-ReadBit-call.patch

  Log Message:
  -----------
  Fix integer overflow in BitstreamReader::ReadBit called from H265SpsParser::ParseSpsInternal
https://bugs.webkit.org/show_bug.cgi?id=264019
<rdar://117763685>

Reviewed by Jer Noble.

* Source/ThirdParty/libwebrtc/Source/webrtc/common_video/h265/h265_sps_parser.cc:
(webrtc::H265SpsParser::ParseSpsInternal):
- Cap maximum value of log2_max_pic_order_cnt_lsb_minus4 that is later
  passed to BitstreamReader::ConsumeBits() to prevent integer overflow.

* Source/ThirdParty/libwebrtc/Source/webrtc/rtc_base/bitstream_reader.cc:
(webrtc::BitstreamReader::ConsumeBits):
- Add runtime check for (bits < 0) since this would have caught the
  issue sooner.

* Source/ThirdParty/libwebrtc/WebKit/0001-Fix-integer-overflow-in-BitstreamReader-ReadBit-call.patch: Add.

Canonical link: https://commits.webkit.org/270062@main
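
The two layers the log message describes (a range cap on the parsed field, plus a runtime check on negative bit counts) can be illustrated with the added sketch below. It is not code from this commit or from libwebrtc: `BitReader`, `SkipPocLsbField` and `kMaxLog2MaxPocLsbMinus4` are hypothetical names, and the bound of 12 is the range the H.265 specification gives for this syntax element, assumed here because the value used by the patch is not shown in this message.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Hypothetical minimal reader: it only tracks how many bits are left.
class BitReader {
 public:
  explicit BitReader(size_t size_bytes)
      : remaining_bits_(static_cast<int64_t>(size_bytes) * 8) {}

  // Runtime check: a negative count must never reach the subtraction,
  // where it would increase remaining_bits_ instead of reducing it.
  void ConsumeBits(int bits) {
    if (!ok_ || bits < 0 || bits > remaining_bits_) {
      ok_ = false;  // failure is sticky; later reads are rejected too
      return;
    }
    remaining_bits_ -= bits;
  }
  bool Ok() const { return ok_; }
  int64_t RemainingBits() const { return remaining_bits_; }

 private:
  int64_t remaining_bits_;
  bool ok_ = true;
};

// Upper bound of the syntax element in the H.265 specification (0..12).
constexpr uint32_t kMaxLog2MaxPocLsbMinus4 = 12;

// raw_value stands in for the ue(v) value decoded from the SPS.
// Returns false if the field is out of range or the data is too short.
bool SkipPocLsbField(BitReader& reader, uint32_t raw_value) {
  if (raw_value > kMaxLog2MaxPocLsbMinus4) return false;  // cap before use
  reader.ConsumeBits(static_cast<int>(raw_value) + 4);    // at most 16
  return reader.Ok();
}

int main() {
  BitReader reader(4);  // constructed input: 32 bits available
  std::printf("in range: %d\n", SkipPocLsbField(reader, 12));
  std::printf("too large: %d\n", SkipPocLsbField(reader, 0x7FFFFFFFu));
  reader.ConsumeBits(-3);
  std::printf("reader ok after negative count: %d\n", reader.Ok());
  return 0;
}
```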
