[webkit-changes] [269055] trunk

Tue, 27 Oct 2020 11:00:25 -0700

Title: [269055] trunk
Revision
269055
Author
[email protected]
Date
2020-10-27 10:58:41 -0700 (Tue, 27 Oct 2020)

Log Message

[GStreamer] Bad handling of audio files in the ImageDecoder
https://bugs.webkit.org/show_bug.cgi?id=218239

Patch by Philippe Normand <[email protected]> on 2020-10-27
Reviewed by Adrian Perez de Castro.

Source/WebCore:

The final main thread notification needs to be blocking otherwise the decoder might get
disposed of too early.

Test: fast/images/animated-image-mp3-crash.html

* platform/graphics/gstreamer/ImageDecoderGStreamer.cpp:
(WebCore::ImageDecoderGStreamer::pushEncodedData):

LayoutTests:

* fast/images/animated-image-mp3-crash-expected.txt: Added.
* fast/images/animated-image-mp3-crash.html: Added.

Modified Paths

Added Paths

Diff

Modified: trunk/LayoutTests/ChangeLog (269054 => 269055)


--- trunk/LayoutTests/ChangeLog	2020-10-27 17:54:44 UTC (rev 269054)
+++ trunk/LayoutTests/ChangeLog	2020-10-27 17:58:41 UTC (rev 269055)
@@ -1,3 +1,13 @@
+2020-10-27  Philippe Normand  <[email protected]>
+
+        [GStreamer] Bad handling of audio files in the ImageDecoder
+        https://bugs.webkit.org/show_bug.cgi?id=218239
+
+        Reviewed by Adrian Perez de Castro.
+
+        * fast/images/animated-image-mp3-crash-expected.txt: Added.
+        * fast/images/animated-image-mp3-crash.html: Added.
+
 2020-10-27  Kenneth Russell  <[email protected]>
 
         [ iOS wk2 ] webgl/1.0.3/conformance/textures/copy-tex-image-2d-formats.html is failing.

Added: trunk/LayoutTests/fast/images/animated-image-mp3-crash-expected.txt (0 => 269055)


--- trunk/LayoutTests/fast/images/animated-image-mp3-crash-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/fast/images/animated-image-mp3-crash-expected.txt	2020-10-27 17:58:41 UTC (rev 269055)
@@ -0,0 +1,10 @@
+Test that a mp3 media file loaded as an image should not crash.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS Decoding an mp3 file triggers no crash
+PASS successfullyParsed is true
+
+TEST COMPLETE
+

Added: trunk/LayoutTests/fast/images/animated-image-mp3-crash.html (0 => 269055)


--- trunk/LayoutTests/fast/images/animated-image-mp3-crash.html	                        (rev 0)
+++ trunk/LayoutTests/fast/images/animated-image-mp3-crash.html	2020-10-27 17:58:41 UTC (rev 269055)
@@ -0,0 +1,35 @@
+<!DOCTYPE html>
+<html>
+    <body>
+        <img>
+        <script src=""
+        <script>
+         window.jsTestIsAsync = true;
+
+         function loadImage(src) {
+             return new Promise((resolve, reject) => {
+                 const image = document.querySelector('img');
+                 image.src = ""
+                 return image.decode().then(() => { resolve(image); }).catch((error) => { reject(error); });
+             });
+         }
+
+         function endTest() {
+             finishJSTest();
+             if (window.testRunner)
+                 testRunner.notifyDone();
+         }
+
+         description('Test that a mp3 media file loaded as an image should not crash.')
+
+         loadImage("../../media/content/silence.mp3").then(image => {
+             testFailed("Decoding an mp3 file to an <img> is not expected to work");
+             endTest();
+         }).catch((error) => {
+             testPassed("Decoding an mp3 file triggers no crash");
+             endTest();
+         });
+        </script>
+        <script src=""
+    </body>
+</html>

Modified: trunk/Source/WebCore/ChangeLog (269054 => 269055)


--- trunk/Source/WebCore/ChangeLog	2020-10-27 17:54:44 UTC (rev 269054)
+++ trunk/Source/WebCore/ChangeLog	2020-10-27 17:58:41 UTC (rev 269055)
@@ -1,3 +1,18 @@
+2020-10-27  Philippe Normand  <[email protected]>
+
+        [GStreamer] Bad handling of audio files in the ImageDecoder
+        https://bugs.webkit.org/show_bug.cgi?id=218239
+
+        Reviewed by Adrian Perez de Castro.
+
+        The final main thread notification needs to be blocking otherwise the decoder might get
+        disposed of too early.
+
+        Test: fast/images/animated-image-mp3-crash.html
+
+        * platform/graphics/gstreamer/ImageDecoderGStreamer.cpp:
+        (WebCore::ImageDecoderGStreamer::pushEncodedData):
+
 2020-10-27  Carlos Alberto Lopez Perez  <[email protected]>
 
         Fix build for non-unified builds after r269041.

Modified: trunk/Source/WebCore/platform/graphics/gstreamer/ImageDecoderGStreamer.cpp (269054 => 269055)


--- trunk/Source/WebCore/platform/graphics/gstreamer/ImageDecoderGStreamer.cpp	2020-10-27 17:54:44 UTC (rev 269054)
+++ trunk/Source/WebCore/platform/graphics/gstreamer/ImageDecoderGStreamer.cpp	2020-10-27 17:58:41 UTC (rev 269055)
@@ -404,7 +404,7 @@
         }
     }
     m_innerDecoder = nullptr;
-    callOnMainThread([this] {
+    callOnMainThreadAndWait([&] {
         if (m_encodedDataStatusChangedCallback)
             m_encodedDataStatusChangedCallback(encodedDataStatus());
     });

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to