[webkit-gtk] [pulseaudio-discuss] Vulnerability in Webkit-GTK and PulseAudio volume handling

Alexander E. Patrakov patrakov at gmail.com
Thu Oct 10 23:10:17 PDT 2013


Colin Guthrie wrote:
> What would be more interesting to me would be how the same code works 
> on Windows 7 which I believe also implements a flat volume scheme (not 
> sure about Win 8) and how it handles stream volumes in this context 
> (background: 
> http://www.patrickbaudisch.com/publications/2004-Baudisch-CHI04-FlatVolumeControl.pdf)

Here is a Windows 7 screenshot relevant to the flat volume idea. You 
need it to understand the text below.

http://permalink.gmane.org/gmane.comp.audio.pulseaudio.general/17426

Basically, Windows' flat volumes a just an UI feature of the default 
mixer application. Volume sliders inside applications still show 
relative-to-the-master volumes, as can be seen with Windows media player 
on that screenshot. In other words, Microsoft did not go as far as the 
referenced paper suggests.

As far as testing the bad javascript under Windows, I have asked my 
colleague to do just that in all major browsers (Chrome, Firefox, IE 
(with a different media file), non-webkit Opera, webkit Opera). Result: 
no bug. Javascript volume does not correspond to anything in the mixer 
application. The volume slider inside the browser jumps between 99% and 
100%, but the volume slider in the mixer application can be set to any 
value, stays there, and the browser obeys. So the inside-the-browser 
volume control is just an additional element in the path, exposed to the 
user only inside the browser.

-- 
Alexander E. Patrakov


More information about the webkit-gtk mailing list