third_party/WebKit/Source/modules/encryptedmedia/HTMLMediaElementEncryptedMedia.cpp - Issue 1414553002: Fix out-of-memory crashes related to ArrayBuffer allocation

Unified Diff: third_party/WebKit/Source/modules/encryptedmedia/HTMLMediaElementEncryptedMedia.cpp

Issue 1414553002: Fix out-of-memory crashes related to ArrayBuffer allocation Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: rebase and applied senorblanco+haraken feedbac Created 5 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« third_party/WebKit/Source/modules/crypto/NormalizeAlgorithm.cpp ('K') | « third_party/WebKit/Source/modules/encoding/TextEncoder.idl ('k') | third_party/WebKit/Source/modules/encryptedmedia/MediaKeySession.cpp » ('j') | third_party/WebKit/Source/modules/fetch/Body.cpp » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: third_party/WebKit/Source/modules/encryptedmedia/HTMLMediaElementEncryptedMedia.cpp

diff --git a/third_party/WebKit/Source/modules/encryptedmedia/HTMLMediaElementEncryptedMedia.cpp b/third_party/WebKit/Source/modules/encryptedmedia/HTMLMediaElementEncryptedMedia.cpp

index 3882d2596d0d0afa0834fb08fe37aad7d106c794..deb2d6a6630bb301c69c06021dd90991c93a77b1 100644

--- a/third_party/WebKit/Source/modules/encryptedmedia/HTMLMediaElementEncryptedMedia.cpp

+++ b/third_party/WebKit/Source/modules/encryptedmedia/HTMLMediaElementEncryptedMedia.cpp

@@ -359,7 +359,13 @@ static PassRefPtrWillBeRawPtr<Event> createEncryptedEvent(WebEncryptedMediaInitD

{

MediaEncryptedEventInit initializer;

initializer.setInitDataType(EncryptedMediaUtils::convertFromInitDataType(initDataType));

- initializer.setInitData(DOMArrayBuffer::create(initData, initDataLength));

+ // TODO(junov): crbug.com/536816

+ // We should use createOrNull instead of deprecatedCreateOrCrash to

+ // fail gracefully instead of crashing the process when allocation fails.

+ // Need to investigate how this should be handled in the spec.

+ // Would it make sense to throw a RangeError exception from here? Would

+ // it be okay pass a nullptr to setInitData?

+ initializer.setInitData(DOMArrayBuffer::deprecatedCreateOrCrash(initData, initDataLength));

initializer.setBubbles(false);

initializer.setCancelable(false);

@@ -370,7 +376,13 @@ static PassRefPtrWillBeRawPtr<Event> createEncryptedEvent(WebEncryptedMediaInitD

static PassRefPtrWillBeRawPtr<Event> createWebkitNeedKeyEvent(const unsigned char* initData, unsigned initDataLength)

{

MediaKeyEventInit webkitInitializer;

- webkitInitializer.setInitData(DOMUint8Array::create(initData, initDataLength));

+ // TODO(junov): crbug.com/536816

+ // We should use createOrNull instead of deprecatedCreateOrCrash to

+ // fail gracefully instead of crashing the process when allocation fails.

+ // Need to investigate how this should be handled in the spec.

+ // Would it make sense to throw a RangeError exception from here? Would

+ // it be okay pass a nullptr to setInitData?

+ webkitInitializer.setInitData(DOMUint8Array::createOrNull(initData, initDataLength));

return MediaKeyEvent::create(EventTypeNames::webkitneedkey, webkitInitializer);

}

@@ -412,7 +424,8 @@ void HTMLMediaElementEncryptedMedia::generateKeyRequest(WebMediaPlayer* webMedia

void HTMLMediaElementEncryptedMedia::webkitGenerateKeyRequest(HTMLMediaElement& mediaElement, const String& keySystem, ExceptionState& exceptionState)

{

- webkitGenerateKeyRequest(mediaElement, keySystem, DOMUint8Array::create(0), exceptionState);

+ RefPtr<DOMUint8Array> emptyArray = DOMUint8Array::deprecatedCreateOrCrash(nullptr, 0);

+ webkitGenerateKeyRequest(mediaElement, keySystem, emptyArray.release(), exceptionState);

}

void HTMLMediaElementEncryptedMedia::webkitAddKey(HTMLMediaElement& element, const String& keySystem, PassRefPtr<DOMUint8Array> key, PassRefPtr<DOMUint8Array> initData, const String& sessionId, ExceptionState& exceptionState)

@@ -462,7 +475,7 @@ void HTMLMediaElementEncryptedMedia::addKey(WebMediaPlayer* webMediaPlayer, cons

void HTMLMediaElementEncryptedMedia::webkitAddKey(HTMLMediaElement& mediaElement, const String& keySystem, PassRefPtr<DOMUint8Array> key, ExceptionState& exceptionState)

{

- webkitAddKey(mediaElement, keySystem, key, DOMUint8Array::create(0), String(), exceptionState);

+ webkitAddKey(mediaElement, keySystem, key, DOMUint8Array::deprecatedCreateOrCrash(nullptr, 0), String(), exceptionState);

}

void HTMLMediaElementEncryptedMedia::webkitCancelKeyRequest(HTMLMediaElement& element, const String& keySystem, const String& sessionId, ExceptionState& exceptionState)

@@ -550,7 +563,12 @@ void HTMLMediaElementEncryptedMedia::keyMessage(const WebString& keySystem, cons

MediaKeyEventInit initializer;

initializer.setKeySystem(keySystem);

initializer.setSessionId(sessionId);

- initializer.setMessage(DOMUint8Array::create(message, messageLength));

+ // TODO(junov): crbug.com/536816

+ // Should use createOrNull instead of deprecatedCreateOrCrash.

+ // Need to find an acceptable way to fail gracefully when allocation

+ // fails. Possible solutions: throw a RangeError exception, pass

+ // a null message

+ initializer.setMessage(DOMUint8Array::deprecatedCreateOrCrash(message, messageLength));

initializer.setDefaultURL(KURL(defaultURL));

RefPtrWillBeRawPtr<Event> event = MediaKeyEvent::create(EventTypeNames::webkitkeymessage, initializer);

@@ -566,6 +584,8 @@ void HTMLMediaElementEncryptedMedia::encrypted(WebEncryptedMediaInitDataType ini

// Send event for WD EME.

RefPtrWillBeRawPtr<Event> event;

if (m_mediaElement->isMediaDataCORSSameOrigin(m_mediaElement->executionContext()->securityOrigin())) {

+ // FIXME: This creates an event with no data if the allocation of the array buffer fails.

+ // Should we be aborting when that happens?

event = createEncryptedEvent(initDataType, initData, initDataLength);

} else {

// Current page is not allowed to see content from the media file,