Title: [262819] branches/safari-610.1.16-branch/Source/WebCore
Revision
262819
Author
[email protected]
Date
2020-06-09 15:33:34 -0700 (Tue, 09 Jun 2020)

Log Message

Cherry-pick r262687. rdar://problem/64044841

    REGRESSION (r262364): Disney Plus crashes playing videos
    https://bugs.webkit.org/show_bug.cgi?id=212862
    <rdar://problem/64044841>

    Reviewed by Eric Carlson.

    In r262364, we specified an incorrect number size for CFNumberGetValue, which nevertheless
    worked fine in debug builds, but overwrote stack data in release builds, leading to a crash when
    the returned pointer was ref()d. The correct size for a FourCharCode is a
    kCFNumberSInt32Type, not a kCFNumberLongType.

    * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:

    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@262687 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Modified Paths

Diff

Modified: branches/safari-610.1.16-branch/Source/WebCore/ChangeLog (262818 => 262819)


--- branches/safari-610.1.16-branch/Source/WebCore/ChangeLog	2020-06-09 22:31:37 UTC (rev 262818)
+++ branches/safari-610.1.16-branch/Source/WebCore/ChangeLog	2020-06-09 22:33:34 UTC (rev 262819)
@@ -1,3 +1,38 @@
+2020-06-09  Alan Coon  <[email protected]>
+
+        Cherry-pick r262687. rdar://problem/64044841
+
+    REGRESSION (r262364): Disney Plus crashes playing videos
+    https://bugs.webkit.org/show_bug.cgi?id=212862
+    <rdar://problem/64044841>
+    
+    Reviewed by Eric Carlson.
+    
+    In r262364, we specified an incorrect number size for CFNumberGetValue, which nevertheless
+    worked fine in debug builds, but overwrote stack data in release builds, leading to a crash when
+    the returned pointer was ref()d. The correct size for a FourCharCode is a
+    kCFNumberSInt32Type, not a kCFNumberLongType.
+    
+    * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
+    
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@262687 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2020-06-06  Jer Noble  <[email protected]>
+
+            REGRESSION (r262364): Disney Plus crashes playing videos
+            https://bugs.webkit.org/show_bug.cgi?id=212862
+            <rdar://problem/64044841>
+
+            Reviewed by Eric Carlson.
+
+            In r262364, we specified an incorrect number size for CFNumberGetValue, which nevertheless
+            worked fine in debug builds, but overwrote stack data in release builds, leading to a crash when
+            the returned pointer was ref()d. The correct size for a FourCharCode is a
+            kCFNumberSInt32Type, not a kCFNumberLongType.
+
+            * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
+
 2020-06-03  Rob Buis  <[email protected]>
 
         Make generated C++ code use modern C++
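
Review bot: The new entry carries the same description twice, once in the cherry-pick text indented four spaces under a header line indented eight, and again in the nested 2020-06-06 entry, and the added blank lines in the first copy carry trailing whitespace. Consider keeping only the "Cherry-pick r262687" line and the git-svn-id line above the nested original entry so there is a single copy to read. The file line for SourceBufferPrivateAVFObjC.mm also names no function, so a reader who wants to find the stack overwrite has to open the diff.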

Modified: branches/safari-610.1.16-branch/Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm (262818 => 262819)


--- branches/safari-610.1.16-branch/Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm	2020-06-09 22:31:37 UTC (rev 262818)
+++ branches/safari-610.1.16-branch/Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm	2020-06-09 22:33:34 UTC (rev 262819)
@@ -416,7 +416,7 @@
             CFStringRef originalFormatKey = PAL::canLoad_CoreMedia_kCMFormatDescriptionExtension_ProtectedContentOriginalFormat() ? PAL::get_CoreMedia_kCMFormatDescriptionExtension_ProtectedContentOriginalFormat() : CFSTR("CommonEncryptionOriginalFormat");
             CFTypeRef originalFormat = CMFormatDescriptionGetExtension(description, originalFormatKey);
             if (originalFormat && CFGetTypeID(originalFormat) == CFNumberGetTypeID())
-                CFNumberGetValue((CFNumberRef)originalFormat, kCFNumberLongType, &codec);
+                CFNumberGetValue((CFNumberRef)originalFormat, kCFNumberSInt32Type, &codec);
             m_codec = AtomString(reinterpret_cast<LChar*>(&codec), 4);
         }
     }
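
Review bot: Nothing at the CFNumberGetValue call ties the type constant to the size of `codec`, which is how kCFNumberLongType (8 bytes on 64-bit targets) could write past a 4-byte destination without any build error. A `static_assert(sizeof(codec) == sizeof(SInt32))` next to the call would make the same mistake fail at compile time. The Boolean result of CFNumberGetValue is also discarded, and the following `m_codec = AtomString(reinterpret_cast<LChar*>(&codec), 4);` runs whether or not the guarded call executed, so it is worth confirming that `codec` holds a defined value on that path. The revision touches only the ChangeLog and this file; since the log message says the fault appeared only in release builds, a regression test exercised in a release configuration would help keep it from returning.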