Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: e8a476cd12df5fb1ea1f682f1c2381397c44ccef
https://github.com/WebKit/WebKit/commit/e8a476cd12df5fb1ea1f682f1c2381397c44ccef
Author: Youenn Fablet <[email protected]>
Date: 2026-07-02 (Thu, 02 Jul 2026)
Changed paths:
A LayoutTests/webrtc/addTrack-simulcast-expected.txt
A LayoutTests/webrtc/addTrack-simulcast.html
M
Source/ThirdParty/libwebrtc/Source/webrtc/modules/video_coding/video_codec_initializer.cc
M Source/ThirdParty/libwebrtc/Source/webrtc/pc/sdp_offer_answer.cc
M
Source/WebCore/platform/mediastream/cocoa/RealtimeOutgoingVideoSourceCocoa.cpp
Log Message:
-----------
Stack buffer overflow in WebKit libwebrtc VideoCodecInitializer via remote
SDP simulcast layers leads to WebContent memory corruption
rdar://175624943
Reviewed by Eric Carlson.
When computing send encodings from remote SDP, we trim them according the max
simulcast encodings, like done for addTransceiver.
We also change the debug check VideoCodecInitializer::SetupCodec in a release
check as a further mitigation.
Test: webrtc/addTrack-simulcast.html
* LayoutTests/webrtc/addTrack-simulcast-expected.txt: Added.
* LayoutTests/webrtc/addTrack-simulcast.html: Added.
*
Source/ThirdParty/libwebrtc/Source/webrtc/modules/video_coding/video_codec_initializer.cc:
* Source/ThirdParty/libwebrtc/Source/webrtc/pc/sdp_offer_answer.cc:
Originally-landed-as: 305413.820@safari-7624-branch (0d8fd1ca4be9).
rdar://181073924
Canonical link: https://commits.webkit.org/316431@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications