From d7a2a7053e05b629fe7271bf8566c19200aa0903 Mon Sep 17 00:00:00 2001
From: Chris Dumez
Date: Thu, 2 Feb 2023 19:32:17 -0800
Subject: [PATCH] Fix bug in MediaFormatReader::copyTrackArray() found by new libcpp assertions
https://bugs.webkit.org/show_bug.cgi?id=251617
rdar://104967552
Reviewed by Andy Estes and Jer Noble.
Dont dereference `m_parseTracksStatus` if the action was aborted, since m_parseTracksStatus will be std::nullopt in this case.
* Source/WebKit/Shared/mac/MediaFormatReader/MediaFormatReader.cpp:
(WebKit::MediaFormatReader::copyTrackArray):
Canonical link: https://commits.webkit.org/259794@main
---
 Source/WebCore/PAL/pal/spi/cocoa/MediaToolboxSPI.h | 1 +
 .../Shared/mac/MediaFormatReader/MediaFormatReader.cpp | 5 ++++-
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/Source/WebCore/PAL/pal/spi/cocoa/MediaToolboxSPI.h b/Source/WebCore/PAL/pal/spi/cocoa/MediaToolboxSPI.h
index f9a7f670aacc..b234d002a16e 100644
--- a/Source/WebCore/PAL/pal/spi/cocoa/MediaToolboxSPI.h
+++ b/Source/WebCore/PAL/pal/spi/cocoa/MediaToolboxSPI.h
@@ -42,6 +42,7 @@ enum {
 kMTPluginFormatReaderError_AllocationFailure = -16501,
 kMTPluginFormatReaderError_ParsingFailure = -16503,
+ kMTPluginFormatReaderError_InternalFailure = -16504,
 kMTPluginSampleCursorError_NoSamples = -16507,
 kMTPluginSampleCursorError_LocationNotAvailable = -16508,
 kMTPluginByteSourceError_EndOfStream = -16511,
diff --git a/Source/WebKit/Shared/mac/MediaFormatReader/MediaFormatReader.cpp b/Source/WebKit/Shared/mac/MediaFormatReader/MediaFormatReader.cpp
index 6a6bdf2f71ca..53b15db1fb67 100644
--- a/Source/WebKit/Shared/mac/MediaFormatReader/MediaFormatReader.cpp
+++ b/Source/WebKit/Shared/mac/MediaFormatReader/MediaFormatReader.cpp
@@ -1,4 +1,4 @@
-/*
+/*
 * Copyright (C) 2020-2022 Apple Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
@@ -279,6 +279,9 @@ OSStatus MediaFormatReader::copyTrackArray(CFArrayRef* trackArrayCopy)
 return m_parseTracksStatus.has_value() || action.aborted();
 });
+ if (action.aborted())
+ return kMTPluginFormatReaderError_InternalFailure;
+
 if (*m_parseTracksStatus != noErr)
 return *m_parseTracksStatus;
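Review bot: The new guard tests `action.aborted()` rather than the optional that is dereferenced right below it, so `*m_parseTracksStatus` stays safe only if an abort is the sole way the wait can end with the optional empty and the aborted state does not change afterwards; neither is visible in this hunk. Testing the optional directly, `if (!m_parseTracksStatus) return kMTPluginFormatReaderError_InternalFailure;`, ties the check to the value being read, and would also keep a status that had already been set when the abort arrived instead of replacing it with InternalFailure. Dereferencing an empty optional is undefined behaviour in builds without the libc++ assertions, so a one-line comment such as `// m_parseTracksStatus is still unset when the wait ended on abort.` is worth adding above the check. copyTrackArray starts and ends outside the hunk, so any locking around m_parseTracksStatus cannot be checked from here.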