The cross-origin checks in the multibuffer code are not sufficient, as they only trigger when a red…

media/blink/url_index.cc

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <set>
 #include <utility>
 
 #include "base/bind.h"
 #include "base/message_loop/message_loop.h"
 #include "base/time/time.h"
@@ skipping 24 matching lines @@
 }
 
 void ResourceMultiBuffer::OnEmpty() {
   url_data_->OnEmpty();
 }
 
 UrlData::UrlData(const GURL& url,
                  CORSMode cors_mode,
                  const base::WeakPtr<UrlIndex>& url_index)
     : url_(url),
+      have_data_origin_(false),
       cors_mode_(cors_mode),
       url_index_(url_index),
       length_(kPositionNotSpecified),
       range_supported_(false),
       cacheable_(false),
       last_used_(),
       multibuffer_(this, url_index_->block_shift_),
       frame_(url_index->frame()) {}
 
 UrlData::~UrlData() {}
 
 std::pair<GURL, UrlData::CORSMode> UrlData::key() const {
   DCHECK(thread_checker_.CalledOnValidThread());
   return std::make_pair(url(), cors_mode());
 }
 
 void UrlData::set_valid_until(base::Time valid_until) {
   DCHECK(thread_checker_.CalledOnValidThread());
   valid_until_ = valid_until;
 }
 
 void UrlData::MergeFrom(const scoped_refptr<UrlData>& other) {
   // We're merging from another UrlData that refers to the *same*
   // resource, so when we merge the metadata, we can use the most
   // optimistic values.
-  DCHECK(thread_checker_.CalledOnValidThread());
-  valid_until_ = std::max(valid_until_, other->valid_until_);
-  // set_length() will not override the length if already known.
-  set_length(other->length_);
-  cacheable_ |= other->cacheable_;
-  range_supported_ |= other->range_supported_;
-  if (last_modified_.is_null()) {
-    last_modified_ = other->last_modified_;
+  if (ValidateDataOrigin(other->data_origin_)) {
+    DCHECK(thread_checker_.CalledOnValidThread());
+    valid_until_ = std::max(valid_until_, other->valid_until_);
+    // set_length() will not override the length if already known.
+    set_length(other->length_);
+    cacheable_ |= other->cacheable_;
+    range_supported_ |= other->range_supported_;
+    if (last_modified_.is_null()) {
+      last_modified_ = other->last_modified_;
+    }
+    multibuffer()->MergeFrom(other->multibuffer());
   }
-  multibuffer()->MergeFrom(other->multibuffer());
 }
 
 void UrlData::set_cacheable(bool cacheable) {
   DCHECK(thread_checker_.CalledOnValidThread());
   cacheable_ = cacheable;
 }
 
 void UrlData::set_length(int64_t length) {
   DCHECK(thread_checker_.CalledOnValidThread());
   if (length != kPositionNotSpecified) {
@@ skipping 26 matching lines @@
 void UrlData::OnRedirect(const RedirectCB& cb) {
   DCHECK(thread_checker_.CalledOnValidThread());
   redirect_callbacks_.push_back(cb);
 }
 
 void UrlData::Use() {
   DCHECK(thread_checker_.CalledOnValidThread());
   last_used_ = base::Time::Now();
 }
 
+bool UrlData::ValidateDataOrigin(const GURL& origin) {
+  if (!have_data_origin_) {
+    data_origin_ = origin;
+    have_data_origin_ = true;
+    return true;
+  }
+  if (cors_mode_ == UrlData::CORS_UNSPECIFIED) {
+    return data_origin_ == origin;
+  }
+  // The actual cors checks is done in the net layer.
+  return true;
+}
+
 void UrlData::OnEmpty() {
   DCHECK(thread_checker_.CalledOnValidThread());
   base::MessageLoop::current()->PostTask(
       FROM_HERE, base::Bind(&UrlIndex::RemoveUrlDataIfEmpty, url_index_,
                             scoped_refptr<UrlData>(this)));
 }
 
 bool UrlData::Valid() const {
   DCHECK(thread_checker_.CalledOnValidThread());
   base::Time now = base::Time::Now();
@@ skipping 93 matching lines @@
          url_data->CachedSize() > (*by_url_slot)->CachedSize())) {
       *by_url_slot = url_data;
     } else {
       (*by_url_slot)->MergeFrom(url_data);
     }
   }
   return *by_url_slot;
 }
 
 }  // namespace media