[MSE][Mac] Null-deref in CMSampleBufferIsRandomAccess().
author jer.noble@apple.com <jer.noble@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 18 Dec 2013 00:56:39 +0000 (00:56 +0000)
committer jer.noble@apple.com <jer.noble@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 18 Dec 2013 00:56:39 +0000 (00:56 +0000)
https://bugs.webkit.org/show_bug.cgi?id=125698

Reviewed by Sam Weinig.

If a given CMSampleBufferRef does not have a sample attachments array (which is unlikely, but
possible), CMSampleBufferGetAttachmentsArray() will return a null value.

Additionally, the CMSampleBuffer documentation states that "samples are assumed to be sync
samples by default", so the absence of an attachment array (or the absence of a
kCMSampleAttachmentKey_NotSync entry in any of the attachment dictionaries) indicates the
sample is sync.

* platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
(WebCore::CMSampleBufferIsRandomAccess):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@160738 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebCore/ChangeLog
Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm

index e6770f7..810b362 100644 (file)
@@ -1,3 +1,21 @@
+2013-12-17  Jer Noble  <jer.noble@apple.com>
+
+        [MSE][Mac] Null-deref in CMSampleBufferIsRandomAccess().
+        https://bugs.webkit.org/show_bug.cgi?id=125698
+
+        Reviewed by Sam Weinig.
+
+        If a given CMSampleBufferRef does not have a sample attachments array (which is unlikely, but
+        possible), CMSampleBufferGetAttachmentsArray() will return a null value.
+
+        Additionally, the CMSampleBuffer documentation states that "samples are assumed to be sync
+        samples by default", so the absence of an attachment array (or the absense of a
+        kCMSampleAttachmentKey_NotSync entry in any of the attachment dictionaries) indicates the
+        sample is sync.
+
+        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
+        (WebCore::CMSampleBufferIsRandomAccess):
+
 2013-12-17  Ryosuke Niwa  <rniwa@webkit.org>
 
         Video element's width and height content attributes should not influence intrinsic width and height
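Review bot: The new ChangeLog entry names CMSampleBufferGetAttachmentsArray() as the call that returns null, but the function actually called in CMSampleBufferIsRandomAccess() is CMSampleBufferGetSampleAttachmentsArray(); the entry should use the real name so that a search for the crashing call finds this change. The same paragraph misspells "absence" as "absense". The entry also lists no test and does not say why one is missing; since this fixes a null dereference reachable from media data handed to a SourceBuffer, either add a regression test with a sample that carries no attachments array or state in the entry that no new test is possible.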
index 44a593d..c3bc762 100644 (file)
@@ -222,12 +222,15 @@ PlatformSample MediaSampleAVFObjC::platformSample()
 static bool CMSampleBufferIsRandomAccess(CMSampleBufferRef sample)
 {
     CFArrayRef attachments = CMSampleBufferGetSampleAttachmentsArray(sample, false);
+    if (!attachments)
+        return true;
+
     for (CFIndex i = 0, count = CFArrayGetCount(attachments); i < count; ++i) {
         CFDictionaryRef attachmentDict = (CFDictionaryRef)CFArrayGetValueAtIndex(attachments, i);
-        if (!CFDictionaryContainsKey(attachmentDict, kCMSampleAttachmentKey_NotSync))
-            return true;
+        if (CFDictionaryContainsKey(attachmentDict, kCMSampleAttachmentKey_NotSync))
+            return false;
     }
-    return false;
+    return true;
 }
 
 MediaSample::SampleFlags MediaSampleAVFObjC::flags() const
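Review bot: The rewritten loop condition, "if (CFDictionaryContainsKey(attachmentDict, kCMSampleAttachmentKey_NotSync)) return false;", tests only whether the key is present, not what it is set to. kCMSampleAttachmentKey_NotSync carries a CFBoolean, so a dictionary that stores kCFBooleanFalse under it describes a sync sample, yet this code would report it as not random access. Consider reading the value with CFDictionaryGetValue() and returning false only when it equals kCFBooleanTrue. The new "if (!attachments) return true;" guard is correct for the call as written, because createIfNecessary is passed as false and a null array is therefore an expected result, but a one-line comment quoting the "sync by default" rule from the commit message would explain why null and a missing key both map to true. Note too that the function now returns false as soon as any one attachment dictionary has the key; if a buffer can hold more than one sample, a comment stating that a single non-sync sample makes the whole buffer non-random-access would make that intent explicit.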