Title: [160738] trunk/Source/WebCore
Revision: 160738
Author: jer.no...@apple.com
Date: 2013-12-17 16:56:39 -0800 (Tue, 17 Dec 2013)

Log Message

[MSE][Mac] Null-deref in CMSampleBufferIsRandomAccess().
https://bugs.webkit.org/show_bug.cgi?id=125698

Reviewed by Sam Weinig.

If a given CMSampleBufferRef does not have a sample attachments array (which is unlikely, but
possible), CMSampleBufferGetAttachmentsArray() will return a null value.

Additionally, the CMSampleBuffer documentation states that "samples are assumed to be sync
samples by default", so the absence of an attachment array (or the absence of a
kCMSampleAttachmentKey_NotSync entry in any of the attachment dictionaries) indicates the
sample is sync.

* platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
(WebCore::CMSampleBufferIsRandomAccess):

Diff

Modified: trunk/Source/WebCore/ChangeLog (160737 => 160738)


--- trunk/Source/WebCore/ChangeLog	2013-12-18 00:54:48 UTC (rev 160737)
+++ trunk/Source/WebCore/ChangeLog	2013-12-18 00:56:39 UTC (rev 160738)
@@ -1,3 +1,21 @@
+2013-12-17  Jer Noble  <jer.no...@apple.com>
+
+        [MSE][Mac] Null-deref in CMSampleBufferIsRandomAccess().
+        https://bugs.webkit.org/show_bug.cgi?id=125698
+
+        Reviewed by Sam Weinig.
+
+        If a given CMSampleBufferRef does not have a sample attachments array (which is unlikely, but
+        possible), CMSampleBufferGetAttachmentsArray() will return a null value.
+
+        Additionally, the CMSampleBuffer documentation states that "samples are assumed to be sync
+        samples by default", so the absence of an attachment array (or the absense of a
+        kCMSampleAttachmentKey_NotSync entry in any of the attachment dictionaries) indicates the
+        sample is sync.
+
+        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
+        (WebCore::CMSampleBufferIsRandomAccess):
+
 2013-12-17  Ryosuke Niwa  <rn...@webkit.org>
 
         Video element's width and height content attributes should not influence intrinsic width and height
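
Review bot: The first paragraph of the new ChangeLog entry names CMSampleBufferGetAttachmentsArray(), but the function the patched code calls is CMSampleBufferGetSampleAttachmentsArray(); correct the name so that searching the ChangeLog for the API finds this entry. The second paragraph misspells "absence" as "absense". The entry should also say outright that the loop's return values were inverted, because that changes the result for samples that do have an attachments array and is a separate change from the null check.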

Modified: trunk/Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm (160737 => 160738)


--- trunk/Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm	2013-12-18 00:54:48 UTC (rev 160737)
+++ trunk/Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm	2013-12-18 00:56:39 UTC (rev 160738)
@@ -222,12 +222,15 @@
 static bool CMSampleBufferIsRandomAccess(CMSampleBufferRef sample)
 {
     CFArrayRef attachments = CMSampleBufferGetSampleAttachmentsArray(sample, false);
+    if (!attachments)
+        return true;
+
     for (CFIndex i = 0, count = CFArrayGetCount(attachments); i < count; ++i) {
         CFDictionaryRef attachmentDict = (CFDictionaryRef)CFArrayGetValueAtIndex(attachments, i);
-        if (!CFDictionaryContainsKey(attachmentDict, kCMSampleAttachmentKey_NotSync))
-            return true;
+        if (CFDictionaryContainsKey(attachmentDict, kCMSampleAttachmentKey_NotSync))
+            return false;
     }
-    return false;
+    return true;
 }
 
 MediaSample::SampleFlags MediaSampleAVFObjC::flags() const
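
Review bot: The new loop condition, `if (CFDictionaryContainsKey(attachmentDict, kCMSampleAttachmentKey_NotSync))`, tests only that the key is present, not what it is set to. kCMSampleAttachmentKey_NotSync holds a CFBoolean, so a dictionary carrying the key with kCFBooleanFalse would be reported as not random access; consider reading the value with CFDictionaryGetValue() and comparing it to kCFBooleanTrue. The early `return true` keeps a null array from reaching CFArrayGetCount(), but the changeset modifies only the ChangeLog and this file, so there is no regression test for a sample buffer without an attachments array; please add one or state in the ChangeLog why it cannot be tested.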