[webkit-changes] [180383] branches/safari-600.5-branch/Source/WebCore

Thu, 19 Feb 2015 21:41:21 -0800

Title: [180383] branches/safari-600.5-branch/Source/WebCore
Revision
180383
Author
dburk...@apple.com
Date
2015-02-19 21:40:21 -0800 (Thu, 19 Feb 2015)

Log Message

Merged r179956. <rdar://19812935>


Modified Paths

Diff

Modified: branches/safari-600.5-branch/Source/WebCore/ChangeLog (180382 => 180383)


--- branches/safari-600.5-branch/Source/WebCore/ChangeLog	2015-02-20 05:37:05 UTC (rev 180382)
+++ branches/safari-600.5-branch/Source/WebCore/ChangeLog	2015-02-20 05:40:21 UTC (rev 180383)
@@ -1,5 +1,26 @@
 2015-02-19  Dana Burkart  <dburk...@apple.com>
 
+        Merged r179956. <rdar://problem/19812935>
+
+    2015-02-11  Jer Noble  <jer.no...@apple.com>
+
+            [MSE] SampleMap::addRange() returns an inverted iterator_range, possibly causing a crash when that iterator_range is traversed.
+            https://bugs.webkit.org/show_bug.cgi?id=141479
+            rdar://problem/19067597
+
+            Reviewed by Chris Dumez.
+
+            When looking backwards through a presentationOrder map to find samples, we then reverse our iterators
+            and put them in an iterator_range to return to the caller. But in addition to reversing the iterators
+            themselves, we also need to put them in the iterator_range in reverse order, so that when the caller
+            iterates from iterator_range.first -> iterator_range.second, they don't end up off the end of the
+            the underlying storage.
+
+            * Modules/mediasource/SampleMap.cpp:
+            (WebCore::PresentationOrderSampleMap::findSamplesWithinPresentationRangeFromEnd):
+
+2015-02-19  Dana Burkart  <dburk...@apple.com>
+
         Merged r179937. <rdar://problem/19812932>
 
     2015-02-11  Sam Weinig  <s...@webkit.org>

Modified: branches/safari-600.5-branch/Source/WebCore/Modules/mediasource/SampleMap.cpp (180382 => 180383)


--- branches/safari-600.5-branch/Source/WebCore/Modules/mediasource/SampleMap.cpp	2015-02-20 05:37:05 UTC (rev 180382)
+++ branches/safari-600.5-branch/Source/WebCore/Modules/mediasource/SampleMap.cpp	2015-02-20 05:40:21 UTC (rev 180383)
@@ -252,7 +252,7 @@
         return value.second->presentationTime() <= endTime;
     });
 
-    return iterator_range(rangeStart.base(), rangeEnd.base());
+    return iterator_range(rangeEnd.base(), rangeStart.base());
 }
 
 DecodeOrderSampleMap::reverse_iterator_range DecodeOrderSampleMap::findDependentSamples(MediaSample* sample)

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to