Title: [292044] trunk/Source/WebKit
- Revision
- 292044
- Author
- eric.carl...@apple.com
- Date
- 2022-03-29 11:15:41 -0700 (Tue, 29 Mar 2022)
Log Message
Don't send sync RemoteMediaPlayerProxy messages that we know will fail
https://bugs.webkit.org/show_bug.cgi?id=238467
rdar://86662565
Reviewed by Jer Noble.
* WebProcess/GPU/media/MediaPlayerPrivateRemote.cpp:
(WebKit::MediaPlayerPrivateRemote::videoFrameForCurrentTime): Return early if
readyState is less than HaveCurrentData, or if the first frame is not available.
* WebProcess/GPU/media/cocoa/MediaPlayerPrivateRemoteCocoa.mm:
(WebKit::MediaPlayerPrivateRemote::nativeImageForCurrentTime): Ditto.
(WebKit::MediaPlayerPrivateRemote::colorSpace): Ditto.
Modified Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (292043 => 292044)
--- trunk/Source/WebKit/ChangeLog 2022-03-29 17:55:21 UTC (rev 292043)
+++ trunk/Source/WebKit/ChangeLog 2022-03-29 18:15:41 UTC (rev 292044)
@@ -1,3 +1,19 @@
+2022-03-29 Eric Carlson <eric.carl...@apple.com>
+
+ Don't send sync RemoteMediaPlayerProxy messages that we know will fail
+ https://bugs.webkit.org/show_bug.cgi?id=238467
+ rdar://86662565
+
+ Reviewed by Jer Noble.
+
+ * WebProcess/GPU/media/MediaPlayerPrivateRemote.cpp:
+ (WebKit::MediaPlayerPrivateRemote::videoFrameForCurrentTime): Return early if
+ readyState is less than HaveCurrentData, or if the first frame is not available.
+
+ * WebProcess/GPU/media/cocoa/MediaPlayerPrivateRemoteCocoa.mm:
+ (WebKit::MediaPlayerPrivateRemote::nativeImageForCurrentTime): Ditto.
+ (WebKit::MediaPlayerPrivateRemote::colorSpace): Ditto.
+
2022-03-29 Devin Rousso <drou...@apple.com>
Unreviewed, fix UAF after r291980
Modified: trunk/Source/WebKit/WebProcess/GPU/media/MediaPlayerPrivateRemote.cpp (292043 => 292044)
--- trunk/Source/WebKit/WebProcess/GPU/media/MediaPlayerPrivateRemote.cpp 2022-03-29 17:55:21 UTC (rev 292043)
+++ trunk/Source/WebKit/WebProcess/GPU/media/MediaPlayerPrivateRemote.cpp 2022-03-29 18:15:41 UTC (rev 292044)
@@ -1012,6 +1012,9 @@
RefPtr<WebCore::VideoFrame> MediaPlayerPrivateRemote::videoFrameForCurrentTime()
{
+ if (readyState() < MediaPlayer::ReadyState::HaveCurrentData)
+ return { };
+
std::optional<RemoteVideoFrameProxy::Properties> result;
bool changed = false;
if (!connection().sendSync(Messages::RemoteMediaPlayerProxy::VideoFrameForCurrentTimeIfChanged(), Messages::RemoteMediaPlayerProxy::VideoFrameForCurrentTimeIfChanged::Reply(result, changed), m_id))
Modified: trunk/Source/WebKit/WebProcess/GPU/media/cocoa/MediaPlayerPrivateRemoteCocoa.mm (292043 => 292044)
--- trunk/Source/WebKit/WebProcess/GPU/media/cocoa/MediaPlayerPrivateRemoteCocoa.mm 2022-03-29 17:55:21 UTC (rev 292043)
+++ trunk/Source/WebKit/WebProcess/GPU/media/cocoa/MediaPlayerPrivateRemoteCocoa.mm 2022-03-29 18:15:41 UTC (rev 292044)
@@ -59,6 +59,9 @@
RefPtr<NativeImage> MediaPlayerPrivateRemote::nativeImageForCurrentTime()
{
+ if (readyState() < MediaPlayer::ReadyState::HaveCurrentData)
+ return { };
+
if (m_pixelBufferGatheredWithVideoFrameMetadata) {
if (!m_pixelBufferConformer)
m_pixelBufferConformer = makeUnique<PixelBufferConformerCV>((__bridge CFDictionaryRef)@{ (__bridge NSString *)kCVPixelBufferPixelFormatTypeKey: @(kCVPixelFormatType_32BGRA) });
@@ -90,6 +93,9 @@
WebCore::DestinationColorSpace MediaPlayerPrivateRemote::colorSpace()
{
auto colorSpace = DestinationColorSpace::SRGB();
+ if (readyState() < MediaPlayer::ReadyState::HaveCurrentData)
+ return colorSpace;
+
connection().sendSync(Messages::RemoteMediaPlayerProxy::ColorSpace(), Messages::RemoteMediaPlayerProxy::ColorSpace::Reply(colorSpace), m_id);
return colorSpace;
}
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
