Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 5c059ab32c26d642874354e3be0f8802d8e71e1b
https://github.com/WebKit/WebKit/commit/5c059ab32c26d642874354e3be0f8802d8e71e1b
Author: Arunsundar Kannan <[email protected]>
Date: 2023-05-22 (Mon, 22 May 2023)
Changed paths:
A
LayoutTests/http/tests/media/fairplay/fps-init-data-sinf-oob-crash-expected.txt
A LayoutTests/http/tests/media/fairplay/fps-init-data-sinf-oob-crash.html
M Source/WebCore/platform/graphics/iso/ISOTrackEncryptionBox.cpp
Log Message:
-----------
CDMPrivateFairPlayStreaming parsing of WebCore::ISOTrackEncryptionBox can
lead to a heap-buffer-overflow.
https://bugs.webkit.org/show_bug.cgi?id=254781.
rdar://103849722
Reviewed by Jer Noble.
WebCore::ISOTrackEncryptionBox::parse() is missing basic bounds checking before
memcpy. This change add the check.
*
LayoutTests/http/tests/media/fairplay/fps-init-data-sinf-oob-crash-expected.txt:
Added.
* LayoutTests/http/tests/media/fairplay/fps-init-data-sinf-oob-crash.html:
Added.
* Source/WebCore/platform/graphics/iso/ISOTrackEncryptionBox.cpp:
(WebCore::ISOTrackEncryptionBox::parse):
Originally-landed-as: 259548.536@safari-7615-branch (8320a5247c74).
rdar://103849722
Canonical link: https://commits.webkit.org/264364@main
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
