195555 2019-03-11 07:42:31 -0700 [EME] generateRequest was not using the sanitized init data 2019-03-12 01:30:23 -0700 1 1 1 Unclassified WebKit New Bugs WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 calvaris calvaris commit-queue cturner eric.carlson jer.noble jonlee webkit-bug-importer oldest_to_newest 1514763 0 calvaris 2019-03-11 07:42:31 -0700 [EME] generateRequest was not using the sanitized init data 1514765 1 364251 calvaris 2019-03-11 07:43:38 -0700 Created attachment 364251 Patch 1514959 2 364251 jonlee 2019-03-11 13:09:03 -0700 Comment on attachment 364251 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=364251&action=review > Source/WebCore/Modules/encryptedmedia/MediaKeySession.cpp:203 > + m_instanceSession->requestLicense(m_sessionType, initDataType, sanitizedInitData.releaseNonNull(), [this, weakThis = makeWeakPtr(*this), promise = WTFMove(promise)] (Ref<SharedBuffer>&& message, const String& sessionId, bool needsIndividualization, CDMInstanceSession::SuccessValue succeeded) mutable { How can we test this? 1515354 3 calvaris 2019-03-12 01:01:52 -0700 (In reply to Jon Lee from comment #2) > How can we test this? I think there should be a W3C test for this if there is none, idealy for ClearKey. Anyway for our current code for ClearKey it can't be properly tested as we'd never reach that codepath. We don't have a sanitation code path either for cenc or WebM that modifies the init data without raising an error and returning an empty init data. I'm landing the patch, if we think we require further testing, we can open another bug. 1515358 4 364251 commit-queue 2019-03-12 01:29:12 -0700 Comment on attachment 364251 Patch Clearing flags on attachment: 364251 Committed r242787: <https://trac.webkit.org/changeset/242787> 1515359 5 commit-queue 2019-03-12 01:29:14 -0700 All reviewed patches have been landed. Closing bug. 1515360 6 webkit-bug-importer 2019-03-12 01:30:23 -0700 <rdar://problem/48801163> 364251 2019-03-11 07:43:38 -0700 2019-03-12 01:29:12 -0700 Patch bug-195555-20190311154336.patch text/plain 1997 calvaris U3VidmVyc2lvbiBSZXZpc2lvbjogMjQyNjk5CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggNGNjMGI2MmUzYTFhMzVl YmExYjJhMTlmNWQzMGFkOGMyOGJmMzJhNC4uMWIzZWIxNGI1NzIzYjQzMzc3ZjljNDY1ZTQxYzll NzI3YjEzMTM5MCAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE0IEBACisyMDE5LTAzLTExICBYYWJp ZXIgUm9kcmlndWV6IENhbHZhciAgPGNhbHZhcmlzQGlnYWxpYS5jb20+CisKKyAgICAgICAgW0VN RV0gZ2VuZXJhdGVSZXF1ZXN0IHdhcyBub3QgdXNpbmcgdGhlIHNhbml0aXplZCBpbml0IGRhdGEK KyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTE5NTU1NQor CisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgICogTW9kdWxl cy9lbmNyeXB0ZWRtZWRpYS9NZWRpYUtleVNlc3Npb24uY3BwOgorICAgICAgICAoV2ViQ29yZTo6 TWVkaWFLZXlTZXNzaW9uOjpnZW5lcmF0ZVJlcXVlc3QpOiBVc2Ugc2FuaXRpemVkIGluaXQKKyAg ICAgICAgZGF0YSBpbnN0ZWFkIG9mIHRoZSBvcmlnaW5hbCBvbmUuCisKIDIwMTktMDMtMTAgIFJv c3MgS2lyc2xpbmcgIDxyb3NzLmtpcnNsaW5nQHNvbnkuY29tPgogCiAgICAgICAgIEludmFsaWQg ZmxhZ3MgaW4gYSBSZWdFeHAgbGl0ZXJhbCBzaG91bGQgYmUgYW4gZWFybHkgU3ludGF4RXJyb3IK ZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3JlL01vZHVsZXMvZW5jcnlwdGVkbWVkaWEvTWVkaWFL ZXlTZXNzaW9uLmNwcCBiL1NvdXJjZS9XZWJDb3JlL01vZHVsZXMvZW5jcnlwdGVkbWVkaWEvTWVk aWFLZXlTZXNzaW9uLmNwcAppbmRleCA3YjM4NDUwZDZlODJkYTA2ZmZiMmI5NjJhNGU5ODNiMThl ZDFkOTMyLi4wNDA0ZDg2ZjRkZjI0MDkxZDM2NjYwZTI0YzM0ZDNlODFkZTUzYmEzIDEwMDY0NAot LS0gYS9Tb3VyY2UvV2ViQ29yZS9Nb2R1bGVzL2VuY3J5cHRlZG1lZGlhL01lZGlhS2V5U2Vzc2lv bi5jcHAKKysrIGIvU291cmNlL1dlYkNvcmUvTW9kdWxlcy9lbmNyeXB0ZWRtZWRpYS9NZWRpYUtl eVNlc3Npb24uY3BwCkBAIC0yMDAsNyArMjAwLDcgQEAgdm9pZCBNZWRpYUtleVNlc3Npb246Omdl bmVyYXRlUmVxdWVzdChjb25zdCBBdG9taWNTdHJpbmcmIGluaXREYXRhVHlwZSwgY29uc3QgQnUK ICAgICAgICAgfQogCiAgICAgICAgIExPRyhFTUUsICJFTUUgLSByZXF1ZXN0IGxpY2Vuc2UgZnJv bSBDRE0gaW1wbGVtZW50YXRpb24iKTsKLSAgICAgICAgbV9pbnN0YW5jZVNlc3Npb24tPnJlcXVl c3RMaWNlbnNlKG1fc2Vzc2lvblR5cGUsIGluaXREYXRhVHlwZSwgV1RGTW92ZShpbml0RGF0YSks IFt0aGlzLCB3ZWFrVGhpcyA9IG1ha2VXZWFrUHRyKCp0aGlzKSwgcHJvbWlzZSA9IFdURk1vdmUo cHJvbWlzZSldIChSZWY8U2hhcmVkQnVmZmVyPiYmIG1lc3NhZ2UsIGNvbnN0IFN0cmluZyYgc2Vz c2lvbklkLCBib29sIG5lZWRzSW5kaXZpZHVhbGl6YXRpb24sIENETUluc3RhbmNlU2Vzc2lvbjo6 U3VjY2Vzc1ZhbHVlIHN1Y2NlZWRlZCkgbXV0YWJsZSB7CisgICAgICAgIG1faW5zdGFuY2VTZXNz aW9uLT5yZXF1ZXN0TGljZW5zZShtX3Nlc3Npb25UeXBlLCBpbml0RGF0YVR5cGUsIHNhbml0aXpl ZEluaXREYXRhLnJlbGVhc2VOb25OdWxsKCksIFt0aGlzLCB3ZWFrVGhpcyA9IG1ha2VXZWFrUHRy KCp0aGlzKSwgcHJvbWlzZSA9IFdURk1vdmUocHJvbWlzZSldIChSZWY8U2hhcmVkQnVmZmVyPiYm IG1lc3NhZ2UsIGNvbnN0IFN0cmluZyYgc2Vzc2lvbklkLCBib29sIG5lZWRzSW5kaXZpZHVhbGl6 YXRpb24sIENETUluc3RhbmNlU2Vzc2lvbjo6U3VjY2Vzc1ZhbHVlIHN1Y2NlZWRlZCkgbXV0YWJs ZSB7CiAgICAgICAgICAgICBpZiAoIXdlYWtUaGlzKQogICAgICAgICAgICAgICAgIHJldHVybjsK IAo=