Changeset 252511 in webkit
- Timestamp: Nov 15, 2019 4:05:01 PM (4 years ago)
- Location: trunk/Source/WebCore
- Files: 2 edited
trunk/Source/WebCore/ChangeLog
r252504 r252511 1 2019-11-15 Jer Noble <jer.noble@apple.com> 2 3 CRASH in SourceBuffer::removeCodedFrames() 4 https://bugs.webkit.org/show_bug.cgi?id=204248 5 6 Reviewed by Eric Carlson. 7 8 Speculative fix for rare crash. It's possible that the startTime and endTime inputs to 9 removeCodedFrames() are out-of-order, which could lead to iterating off the end of the 10 SampleMap. Verify that startTime < endTime and bail out early if not true. 11 12 * Modules/mediasource/SourceBuffer.cpp: 13 (WebCore::SourceBuffer::removeCodedFrames): 14 1 15 2019-11-14 Ryosuke Niwa <rniwa@webkit.org> 2 16 -
trunk/Source/WebCore/Modules/mediasource/SourceBuffer.cpp
r251244 r252511 802 802 DEBUG_LOG(LOGIDENTIFIER, "start = ", start, ", end = ", end); 803 803 804 ASSERT(start < end); 805 if (start >= end) 806 return; 807 804 808 // 3.5.9 Coded Frame Removal Algorithm 805 809 // https://dvcs.w3.org/hg/html-media/raw-file/tip/media-source/media-source.html#sourcebuffer-coded-frame-removal
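Review bot: The `ASSERT(start < end);` placed directly ahead of the `if (start >= end) return;` guard in SourceBuffer::removeCodedFrames() makes debug builds abort on exactly the input the guard is meant to tolerate, so the early-return path only ever runs in release builds and cannot be exercised by a debug-build test. Since the ChangeLog describes this as a speculative fix for out-of-order inputs, consider logging inside the bail-out branch: the `DEBUG_LOG` above the guard records start and end, but nothing records that the removal was skipped, and that record is what would confirm the theory in the field and point to the caller that passes the bad range. The guard also returns when start == end, which is wider than the "out-of-order" case the ChangeLog names; a one-line comment saying that an empty range is intentionally a no-op would make that explicit. No test accompanies the change (only the ChangeLog and SourceBuffer.cpp are edited), so a follow-up that reproduces an inverted range through a caller would be worth tracking in the bug.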