Skip to site navigation (Press enter)

[webkit-changes] [109261] trunk

tommyw Wed, 29 Feb 2012 14:14:07 -0800

Title: [109261] trunk

Revision: 109261
Author: [email protected]
Date: 2012-02-29 14:13:54 -0800 (Wed, 29 Feb 2012)

Log Message

MediaStream API: MediaStreamTrackList out-of-bounds access fix
https://bugs.webkit.org/show_bug.cgi?id=79889


Reviewed by Adam Barth.

Out-of-bounds access to MediaStreamTrackList ASSERTS instead of returning 0,
this is not according to ecmascript standard. Also fixed a similar issue in MediaStreamList.

Source/WebCore:

Test: fast/mediastream/peerconnection-mediastreamlist.html

* Modules/mediastream/MediaStreamList.cpp:
(WebCore::MediaStreamList::item):
* Modules/mediastream/MediaStreamTrackList.cpp:
(WebCore::MediaStreamTrackList::item):

LayoutTests:

* fast/mediastream/peerconnection-mediastreamlist-expected.txt: Added.
* fast/mediastream/peerconnection-mediastreamlist.html: Added.

Modified Paths

trunk/LayoutTests/ChangeLog
trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/Modules/mediastream/MediaStreamList.cpp
trunk/Source/WebCore/Modules/mediastream/MediaStreamTrackList.cpp

Added Paths

trunk/LayoutTests/fast/mediastream/peerconnection-mediastreamlist-expected.txt
trunk/LayoutTests/fast/mediastream/peerconnection-mediastreamlist.html

Diff

Modified: trunk/LayoutTests/ChangeLog (109260 => 109261)


--- trunk/LayoutTests/ChangeLog	2012-02-29 22:12:12 UTC (rev 109260)
+++ trunk/LayoutTests/ChangeLog	2012-02-29 22:13:54 UTC (rev 109261)
@@ -1,3 +1,16 @@
+2012-02-29  Tommy Widenflycht  <[email protected]>
+
+        MediaStream API: MediaStreamTrackList out-of-bounds access fix
+        https://bugs.webkit.org/show_bug.cgi?id=79889
+
+        Reviewed by Adam Barth.
+
+        Out-of-bounds access to MediaStreamTrackList ASSERTS instead of returning 0,
+        this is not according to ecmascript standard. Also fixed a similar issue in MediaStreamList.
+
+        * fast/mediastream/peerconnection-mediastreamlist-expected.txt: Added.
+        * fast/mediastream/peerconnection-mediastreamlist.html: Added.
+
 2012-02-29  Adam Klein  <[email protected]>
 
         Unreviewed gardening, mark a few more tests as passing.

Added: trunk/LayoutTests/fast/mediastream/peerconnection-mediastreamlist-expected.txt (0 => 109261)


--- trunk/LayoutTests/fast/mediastream/peerconnection-mediastreamlist-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/fast/mediastream/peerconnection-mediastreamlist-expected.txt	2012-02-29 22:13:54 UTC (rev 109261)
@@ -0,0 +1,10 @@
+This test confirms that out-of-bounds access of MediaStreamList returns undefined.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS pc.localStreams[0xbadc0ded] is undefined.
+PASS successfullyParsed is true
+
+TEST COMPLETE
+

Added: trunk/LayoutTests/fast/mediastream/peerconnection-mediastreamlist.html (0 => 109261)


--- trunk/LayoutTests/fast/mediastream/peerconnection-mediastreamlist.html	                        (rev 0)
+++ trunk/LayoutTests/fast/mediastream/peerconnection-mediastreamlist.html	2012-02-29 22:13:54 UTC (rev 109261)
@@ -0,0 +1,22 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<link rel="stylesheet" href=""
+<script src=""
+</head>
+<body>
+<p id="description"></p>
+<div id="console"></div>
+</body>
+<script>
+description("This test confirms that out-of-bounds access of MediaStreamList returns undefined.");
+
+var pc = new webkitPeerConnection("", function() {});
+
+shouldBeUndefined('pc.localStreams[0xbadc0ded]');
+
+window.successfullyParsed = true;
+
+</script>
+<script src=""
+</html>

Modified: trunk/Source/WebCore/ChangeLog (109260 => 109261)


--- trunk/Source/WebCore/ChangeLog	2012-02-29 22:12:12 UTC (rev 109260)
+++ trunk/Source/WebCore/ChangeLog	2012-02-29 22:13:54 UTC (rev 109261)
@@ -1,3 +1,20 @@
+2012-02-29  Tommy Widenflycht  <[email protected]>
+
+        MediaStream API: MediaStreamTrackList out-of-bounds access fix
+        https://bugs.webkit.org/show_bug.cgi?id=79889
+
+        Reviewed by Adam Barth.
+
+        Out-of-bounds access to MediaStreamTrackList ASSERTS instead of returning 0,
+        this is not according to ecmascript standard. Also fixed a similar issue in MediaStreamList.
+
+        Test: fast/mediastream/peerconnection-mediastreamlist.html
+
+        * Modules/mediastream/MediaStreamList.cpp:
+        (WebCore::MediaStreamList::item):
+        * Modules/mediastream/MediaStreamTrackList.cpp:
+        (WebCore::MediaStreamTrackList::item):
+
 2012-02-29  Leo Yang  <[email protected]>
 
         [BlackBerry] Upstream the BlackBerry change to platform/graphics/FloatSize.h

Modified: trunk/Source/WebCore/Modules/mediastream/MediaStreamList.cpp (109260 => 109261)


--- trunk/Source/WebCore/Modules/mediastream/MediaStreamList.cpp	2012-02-29 22:12:12 UTC (rev 109260)
+++ trunk/Source/WebCore/Modules/mediastream/MediaStreamList.cpp	2012-02-29 22:13:54 UTC (rev 109261)
@@ -50,6 +50,8 @@
 
 MediaStream* MediaStreamList::item(unsigned index) const
 {
+    if (index >= m_streams.size())
+        return 0;
     return m_streams[index].get();
 }

Modified: trunk/Source/WebCore/Modules/mediastream/MediaStreamTrackList.cpp (109260 => 109261)


--- trunk/Source/WebCore/Modules/mediastream/MediaStreamTrackList.cpp	2012-02-29 22:12:12 UTC (rev 109260)
+++ trunk/Source/WebCore/Modules/mediastream/MediaStreamTrackList.cpp	2012-02-29 22:13:54 UTC (rev 109261)
@@ -51,7 +51,8 @@
 
 MediaStreamTrack* MediaStreamTrackList::item(unsigned index) const
 {
-    ASSERT(index < length());
+    if (index >= m_trackVector.size())
+        return 0;
     return m_trackVector[index].get();
 }

_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes