RESOLVED INVALID 218182
[GStreamer][EME][Thunder] Do not sanitize CENC init data 
https://bugs.webkit.org/show_bug.cgi?id=218182
Summary [GStreamer][EME][Thunder] Do not sanitize CENC init data
Xabier Rodríguez Calvar
Reported 2020-10-26 06:05:30 PDT
[GStreamer][EME][Thunder] Do not sanitize CENC init data
Attachments
Patch (5.65 KB, patch)
2020-10-26 06:07 PDT, Xabier Rodríguez Calvar 		no flags
DetailsFormatted DiffDiff
Patch (5.68 KB, patch)
2020-10-26 09:33 PDT, Xabier Rodríguez Calvar 		pnormand: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Xabier Rodríguez Calvar
Comment 1 2020-10-26 06:07:36 PDT
Created attachment 412311 [details] Patch
Xabier Rodríguez Calvar
Comment 2 2020-10-26 09:33:27 PDT
Created attachment 412322 [details] Patch
Philippe Normand
Comment 3 2020-10-26 10:13:44 PDT
Comment on attachment 412322 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=412322&action=review > Source/WebCore/platform/encryptedmedia/CDMPrivate.h:77 > + WEBCORE_EXPORT virtual RefPtr<SharedBuffer> sanitizeInitData(const AtomString& initDataType, const SharedBuffer& initData) const; Why the WEBCORE_EXPORT?
Xabier Rodríguez Calvar
Comment 4 2020-10-27 05:34:57 PDT
Because the former patch failed to build without it when linking with the Mock in the tests.
Philippe Normand
Comment 5 2020-10-27 08:27:57 PDT
Failed how?
Xabier Rodríguez Calvar
Comment 6 2020-10-27 23:57:56 PDT
Link error cause the mock is in the tests and that is not in WebCore
Xabier Rodríguez Calvar
Comment 7 2020-10-28 08:24:52 PDT
Committed r269103: <https://trac.webkit.org/changeset/269103>
Radar WebKit Bug Importer
Comment 8 2020-10-28 08:25:23 PDT
<rdar://problem/70764876>
Philippe Normand
Comment 9 2021-11-27 09:03:33 PST
I'm afraid this actually goes against the spec: https://www.w3.org/TR/encrypted-media/#dom-mediakeysession-generaterequest (step 10.2 quoted below) --- Let sanitized init data be a validated and sanitized version of init data. The user agent must thoroughly validate the Initialization Data before passing it to the CDM. This includes verifying that the length and values of fields are reasonable, verifying that values are within reasonable limits, and stripping irrelevant, unsupported, or unknown data or fields. It is recommended that user agents pre-parse, sanitize, and/or generate a fully sanitized version of the Initialization Data. If the Initialization Data format specified by initDataType supports multiple entries, the user agent should remove entries that are not needed by the CDM. The user agent must not re-order entries within the Initialization Data. --- I think the real issue is in the app side. Let's revert this patch?
WebKit Commit Bot
Comment 10 2021-11-30 03:47:12 PST
Re-opened since this is blocked by bug 233630
Note You need to log in before you can comment on or make changes to this bug.