Title: [288217] trunk
- Revision
- 288217
- Author
- [email protected]
- Date
- 2022-01-19 11:13:02 -0800 (Wed, 19 Jan 2022)
Log Message
Null check player in taintsOrigin
https://bugs.webkit.org/show_bug.cgi?id=234257
Patch by Rob Buis <[email protected]> on 2022-01-19
Reviewed by Youenn Fablet.
Source/WebCore:
Null check player in taintsOrigin.
Test: fast/media/createImageBitmap-from-video-crash.html
* html/ImageBitmap.cpp:
(WebCore::taintsOrigin):
LayoutTests:
* fast/media/createImageBitmap-from-video-crash-expected.txt: Added.
* fast/media/createImageBitmap-from-video-crash.html: Added.
Modified Paths
Added Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (288216 => 288217)
--- trunk/LayoutTests/ChangeLog 2022-01-19 18:38:07 UTC (rev 288216)
+++ trunk/LayoutTests/ChangeLog 2022-01-19 19:13:02 UTC (rev 288217)
@@ -1,5 +1,15 @@
2022-01-19 Rob Buis <[email protected]>
+ Null check player in taintsOrigin
+ https://bugs.webkit.org/show_bug.cgi?id=234257
+
+ Reviewed by Youenn Fablet.
+
+ * fast/media/createImageBitmap-from-video-crash-expected.txt: Added.
+ * fast/media/createImageBitmap-from-video-crash.html: Added.
+
+2022-01-19 Rob Buis <[email protected]>
+
Null check m_progressTracker in clearProvisionalLoad
https://bugs.webkit.org/show_bug.cgi?id=233063
Added: trunk/LayoutTests/fast/media/createImageBitmap-from-video-crash-expected.txt (0 => 288217)
--- trunk/LayoutTests/fast/media/createImageBitmap-from-video-crash-expected.txt (rev 0)
+++ trunk/LayoutTests/fast/media/createImageBitmap-from-video-crash-expected.txt 2022-01-19 19:13:02 UTC (rev 288217)
@@ -0,0 +1 @@
+PASS
Added: trunk/LayoutTests/fast/media/createImageBitmap-from-video-crash.html (0 => 288217)
--- trunk/LayoutTests/fast/media/createImageBitmap-from-video-crash.html (rev 0)
+++ trunk/LayoutTests/fast/media/createImageBitmap-from-video-crash.html 2022-01-19 19:13:02 UTC (rev 288217)
@@ -0,0 +1,18 @@
+<script>
+ window.console.log = function() { };
+ if (window.testRunner) {
+ testRunner.dumpAsText();
+ }
+ _onload_ = async () => {
+ let video = document.createElement('video');
+ video.src = ""
+ await RTCPeerConnection.generateCertificate({
+ name: 'RSASSA-PKCS1-v1_5',
+ modulusLength: 2048,
+ publicExponent: new Uint8Array([1, 0, 1]),
+ hash: 'SHA-256'
+ });
+ try { await createImageBitmap(video, 0, 0, 1, 2); } catch (error) {}
+ }
+</script>
+PASS
Modified: trunk/Source/WebCore/ChangeLog (288216 => 288217)
--- trunk/Source/WebCore/ChangeLog 2022-01-19 18:38:07 UTC (rev 288216)
+++ trunk/Source/WebCore/ChangeLog 2022-01-19 19:13:02 UTC (rev 288217)
@@ -1,5 +1,19 @@
2022-01-19 Rob Buis <[email protected]>
+ Null check player in taintsOrigin
+ https://bugs.webkit.org/show_bug.cgi?id=234257
+
+ Reviewed by Youenn Fablet.
+
+ Null check player in taintsOrigin.
+
+ Test: fast/media/createImageBitmap-from-video-crash.html
+
+ * html/ImageBitmap.cpp:
+ (WebCore::taintsOrigin):
+
+2022-01-19 Rob Buis <[email protected]>
+
Null check m_progressTracker in clearProvisionalLoad
https://bugs.webkit.org/show_bug.cgi?id=233063
Modified: trunk/Source/WebCore/html/ImageBitmap.cpp (288216 => 288217)
--- trunk/Source/WebCore/html/ImageBitmap.cpp 2022-01-19 18:38:07 UTC (rev 288216)
+++ trunk/Source/WebCore/html/ImageBitmap.cpp 2022-01-19 19:13:02 UTC (rev 288217)
@@ -163,7 +163,7 @@
if (!video.hasSingleSecurityOrigin())
return true;
- if (video.player()->didPassCORSAccessCheck())
+ if (!video.player() || video.player()->didPassCORSAccessCheck())
return false;
auto url = ""
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
