Initialization data sanitization does not check for empty initData or WebM length
Issue description

SanitizeInitData() checks kMaxInitDataLength but not that the data is not empty. WebM is "one or more bytes," and all other formats are probably larger than that. Blink *might* prevent this from happening, but then we should have a DCHECK. Fixing this might be that easy, but we should also ensure we have a test. We might also want to add a lower maximum value for WebM since 64 KB is much larger than a single key ID. We can use limits::kMaxKeyIdLength.
Jun 30 2016
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/16f875e5e84f9e1c084d5ca0eecb3ba606be8861

commit 16f875e5e84f9e1c084d5ca0eecb3ba606be8861
Author: jrummell <jrummell@chromium.org>
Date: Thu Jun 30 01:18:57 2016

Improve data sanitization of initialization data

Data sanitization of the initialization data now verifies data is provided and for WebM, that the size is not larger than a single key ID.

BUG= 622840
TEST=EME tests pass checks for empty initData or WebM length

Review-Url: https://codereview.chromium.org/2098143002
Cr-Commit-Position: refs/heads/master@{#403053}

[modify] https://crrev.com/16f875e5e84f9e1c084d5ca0eecb3ba606be8861/media/blink/webcontentdecryptionmodulesession_impl.cc
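The three length checks discussed in this issue (non-empty, global cap, tighter WebM cap), as an added example that is not the Chromium code or part of the commit above. The function name, enum, error strings and the value used for kMaxKeyIdLength are assumptions made for illustration; only the 64 KB cap and the constant names come from the issue text.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Hypothetical enum for the example; not the Chromium type.
enum class InitDataType { kWebM, kCenc, kKeyIds };

// 64 KB overall cap, as stated in the issue.
constexpr size_t kMaxInitDataLength = 64 * 1024;
// Stand-in for limits::kMaxKeyIdLength; the value is assumed for this example.
constexpr size_t kMaxKeyIdLength = 512;

// Copies the data to |out| only if every length check passes.
// On failure |out| is left empty and |error| names the failed check.
bool SanitizeInitDataExample(InitDataType type, const uint8_t* data,
                             size_t length, std::vector<uint8_t>* out,
                             std::string* error) {
  out->clear();
  // Reject empty input first: WebM init data is "one or more bytes".
  if (data == nullptr || length == 0) {
    *error = "Initialization data is empty.";
    return false;
  }
  // The global upper bound applies to every format.
  if (length > kMaxInitDataLength) {
    *error = "Initialization data too long.";
    return false;
  }
  // WebM init data is a single key ID, so apply the tighter key ID bound.
  if (type == InitDataType::kWebM && length > kMaxKeyIdLength) {
    *error = "Initialization data for WebM is too long.";
    return false;
  }
  out->assign(data, data + length);
  error->clear();
  return true;
}

int main() {
  // Constructed inputs: a 1-byte key ID and an oversized WebM blob.
  std::vector<uint8_t> out, key_id(1, 0xAB), big(kMaxKeyIdLength + 1, 0);
  std::string error;
  bool ok =
      !SanitizeInitDataExample(InitDataType::kWebM, key_id.data(), 0, &out, &error) &&
      SanitizeInitDataExample(InitDataType::kWebM, key_id.data(), 1, &out, &error) &&
      !SanitizeInitDataExample(InitDataType::kWebM, big.data(), big.size(), &out, &error);
  return ok ? 0 : 1;
}
```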
Nov 18 2016
Comment 1 by jrumm...@chromium.org, Jun 23 2016
Status: Assigned (was: Untriaged)