Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: c1787ccc4e9191a754f0ccfd07ad2d2f74a52b78
https://github.com/WebKit/WebKit/commit/c1787ccc4e9191a754f0ccfd07ad2d2f74a52b78
Author: Youenn Fablet <[email protected]>
Date: 2023-12-20 (Wed, 20 Dec 2023)
Changed paths:
A LayoutTests/http/wpt/webcodecs/videoFrame-rect-expected.txt
A LayoutTests/http/wpt/webcodecs/videoFrame-rect.html
M LayoutTests/platform/wpe/TestExpectations
M Source/WebCore/Modules/webcodecs/WebCodecsVideoFrameAlgorithms.cpp
Log Message:
-----------
jsc_fuz/wktr: heap-buffer-overflow in
WebCore::WebCodecsVideoFrame::copyTo(...) WebCodecsVideoFrame.cpp:488
https://bugs.webkit.org/show_bug.cgi?id=262955
rdar://115835656
Reviewed by Eric Carlson.
We add a check that x and y are positive or zero.
Otherwise, we might still pass the check that the total width or height is
below the codedWidth/codedHeight, while it is not.
* LayoutTests/http/wpt/webcodecs/videoFrame-rect-expected.txt: Added.
* LayoutTests/http/wpt/webcodecs/videoFrame-rect.html: Added.
* Source/WebCore/Modules/webcodecs/WebCodecsVideoFrameAlgorithms.cpp:
(WebCore::parseVisibleRect):
Originally-landed-as: 267815.265@safari-7617-branch (aa715fb68472).
rdar://119565892
Canonical link: https://commits.webkit.org/272352@main
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
