Fixed crash in webkitAddKey() when key parameter is null.
authorcommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 24 Jul 2012 00:37:36 +0000 (00:37 +0000)
committercommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 24 Jul 2012 00:37:36 +0000 (00:37 +0000)
https://bugs.webkit.org/show_bug.cgi?id=85444

Patch by David Dorwin <ddorwin@chromium.org> on 2012-07-23
Reviewed by Kentaro Hara.

Reference: Step 1 of http://dvcs.w3.org/hg/html-media/raw-file/5f76a0b43836/encrypted-media/encrypted-media.html#dom-addkey

Source/WebCore:

Tests: media/encrypted-media/encrypted-media-syntax.html

* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::webkitAddKey):

LayoutTests:

* media/encrypted-media/encrypted-media-syntax-expected.txt:
* media/encrypted-media/encrypted-media-syntax.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@123409 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/media/encrypted-media/encrypted-media-syntax-expected.txt
LayoutTests/media/encrypted-media/encrypted-media-syntax.html
Source/WebCore/ChangeLog
Source/WebCore/html/HTMLMediaElement.cpp

index ee3bdca..10c7e52 100644 (file)
@@ -1,3 +1,15 @@
+2012-07-23  David Dorwin  <ddorwin@chromium.org>
+
+        Fixed crash in webkitAddKey() when key parameter is null.
+        https://bugs.webkit.org/show_bug.cgi?id=85444
+
+        Reviewed by Kentaro Hara.
+
+        Reference: Step 1 of http://dvcs.w3.org/hg/html-media/raw-file/5f76a0b43836/encrypted-media/encrypted-media.html#dom-addkey
+
+        * media/encrypted-media/encrypted-media-syntax-expected.txt:
+        * media/encrypted-media/encrypted-media-syntax.html:
+
 2012-07-23  Tony Chang  <tony@chromium.org>
 
         http/tests/multipart/policy-ignore-crash.php is failing on Chromium
index ea976a0..fb24787 100644 (file)
@@ -19,6 +19,11 @@ TEST(video.webkitCancelKeyRequest('')) THROWS(DOMException.SYNTAX_ERR) OK
 TEST(video.webkitCancelKeyRequest(null)) THROWS(DOMException.SYNTAX_ERR) OK
 TEST(video.webkitCancelKeyRequest(undefined)) THROWS(DOMException.SYNTAX_ERR) OK
 
+null key is caught before load state is checked.
+TEST(video.webkitAddKey('webkit-org.w3.clearkey', '')) THROWS(DOMException.SYNTAX_ERR) OK
+TEST(video.webkitAddKey('webkit-org.w3.clearkey', null)) THROWS(DOMException.SYNTAX_ERR) OK
+TEST(video.webkitAddKey('webkit-org.w3.clearkey', undefined)) THROWS(DOMException.SYNTAX_ERR) OK
+
 0-length key is caught before load state is checked.
 TEST(video.webkitAddKey('webkit-org.w3.clearkey', new Uint8Array())) THROWS(DOMException.TYPE_MISMATCH_ERR) OK
 
index 62e1afa..3764833 100644 (file)
@@ -42,6 +42,7 @@
 
             consoleWrite("<br>Verify invalid key system parameter is caught before checking whether loading has started.");
             // If the above was not the case, all of these would be INVALID_STATE_ERR.
+            // Also tests "null" case for first parameter.
             testExpected("video.networkState", video.NETWORK_EMPTY);
             testExpected("video.currentSrc", "");
             testException("video.webkitGenerateKeyRequest('')", "DOMException.SYNTAX_ERR");
             testException("video.webkitCancelKeyRequest(null)", "DOMException.SYNTAX_ERR");
             testException("video.webkitCancelKeyRequest(undefined)", "DOMException.SYNTAX_ERR");
 
+            consoleWrite("<br>null key is caught before load state is checked.");
+            testException("video.webkitAddKey('webkit-org.w3.clearkey', '')", "DOMException.SYNTAX_ERR");
+            testException("video.webkitAddKey('webkit-org.w3.clearkey', null)", "DOMException.SYNTAX_ERR");
+            testException("video.webkitAddKey('webkit-org.w3.clearkey', undefined)", "DOMException.SYNTAX_ERR");
+
             consoleWrite("<br>0-length key is caught before load state is checked.");
             testException("video.webkitAddKey('webkit-org.w3.clearkey', new Uint8Array())", "DOMException.TYPE_MISMATCH_ERR");
 
index 1869203..f683a35 100644 (file)
@@ -1,3 +1,17 @@
+2012-07-23  David Dorwin  <ddorwin@chromium.org>
+
+        Fixed crash in webkitAddKey() when key parameter is null.
+        https://bugs.webkit.org/show_bug.cgi?id=85444
+
+        Reviewed by Kentaro Hara.
+
+        Reference: Step 1 of http://dvcs.w3.org/hg/html-media/raw-file/5f76a0b43836/encrypted-media/encrypted-media.html#dom-addkey
+
+        Tests: media/encrypted-media/encrypted-media-syntax.html 
+
+        * html/HTMLMediaElement.cpp:
+        (WebCore::HTMLMediaElement::webkitAddKey):
+
 2012-07-23  Hayato Ito  <hayato@chromium.org>
 
         A FocusScope for a distributed node should not be its TreeScope.
index f16271b..909ef76 100644 (file)
@@ -2557,6 +2557,11 @@ void HTMLMediaElement::webkitAddKey(const String& keySystem, PassRefPtr<Uint8Arr
         return;
     }
 
+    if (!key) {
+        ec = SYNTAX_ERR;
+        return;
+    }
+
     if (!key->length()) {
         ec = TYPE_MISMATCH_ERR;
         return;