[webkit-changes] [WebKit/WebKit] 7bd5ea: Harden WebRTC HEVC RFC 7798 RTP Payload Format Imp...

Commit Queue noreply at github.com
Fri Nov 3 09:23:57 PDT 2023 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 7bd5eaf9f68b6da5fa3b79e4c021b35c8140c832
      https://github.com/WebKit/WebKit/commit/7bd5eaf9f68b6da5fa3b79e4c021b35c8140c832
  Author: David Kilzer <ddkilzer at apple.com>
  Date:   2023-11-03 (Fri, 03 Nov 2023)

  Changed paths:
    M Source/ThirdParty/libwebrtc/Source/webrtc/common_video/h265/h265_sps_parser.cc
    M Source/ThirdParty/libwebrtc/Source/webrtc/rtc_base/bitstream_reader.cc
    A Source/ThirdParty/libwebrtc/WebKit/0001-Harden-WebRTC-HEVC-RFC-7798-RTP-Payload-Format-Imple.patch

  Log Message:
  -----------
  Harden WebRTC HEVC RFC 7798 RTP Payload Format Implementation
https://bugs.webkit.org/show_bug.cgi?id=264021
<rdar://117778946>

Reviewed by Youenn Fablet.

* Source/ThirdParty/libwebrtc/Source/webrtc/common_video/h265/h265_sps_parser.cc:
(webrtc::kMaxSPSLongTermRefPics):
(webrtc::kMaxSPSPics):
(webrtc::kMaxSPSShortTermRefPics):
- Add constants representing limits for various fields.
(webrtc::H265SpsParser::ParseScalingListData):
- Return false if BitstreamReader was invalidated.
(webrtc::H265SpsParser::ParseShortTermRefPicSet):
- Return absl::nullopt if BitstreamReader was invalidated, or if
  reader.ReadExponentialGolomb() returned unrealistic values.
(webrtc::H265SpsParser::ParseSpsInternal):
- Return absl::nullopt if BitstreamReader was invalidated, or if
  reader.ReadExponentialGolomb() returned unrealistic values.
- Move early return up since reader is not used after that point.

* Source/ThirdParty/libwebrtc/Source/webrtc/rtc_base/bitstream_reader.cc:
(webrtc::BitstreamReader::ReadBits):
- Add runtime check for (bits < 0).  Use Invalidate() instead of
  subtracting bits from remaining_bits_ to prevent integer underflow.
(webrtc::BitstreamReader::ReadExponentialGolomb):
- Add check for (remaining_bits_ < 0) so that zero_bit_count doesn't
  have to reach 32 before invalidation occurs.

* Source/ThirdParty/libwebrtc/WebKit/0001-Harden-WebRTC-HEVC-RFC-7798-RTP-Payload-Format-Imple.patch: Add.

Canonical link: https://commits.webkit.org/270179@main

More information about the webkit-changes mailing list