Bug 39435 - QTPixelBuffer passes CFDictionaries across the DLL boundary, which can lead to crashes
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Media
Version: 528+ (Nightly build)
Hardware: PC Windows XP
Importance: P2 Normal
Assignee: Nobody
Keywords: InRadar, PlatformOnly
Reported: 2010-05-20 10:55 PDT by Adam Roben (:aroben)
Modified: 2010-05-20 12:40 PDT

Attachments
Remove unused code in MediaPlayerPrivateQuickTimeVisualContext and QTPixelBuffer (5.09 KB, patch)
2010-05-20 11:17 PDT, Adam Roben (:aroben)
darin: review+

Description Adam Roben (:aroben) 2010-05-20 10:55:23 PDT
QTPixelBuffer::attachments returns a CFDictionary that was created with QuickTime's CF. This is not necessarily compatible with the CF that WebKit uses, so this is unsafe.
Comment 1 Adam Roben (:aroben) 2010-05-20 10:56:05 PDT
<rdar://problem/8009278>
Comment 2 Adam Roben (:aroben) 2010-05-20 11:17:32 PDT
Created attachment 56612
Remove unused code in MediaPlayerPrivateQuickTimeVisualContext and QTPixelBuffer
Comment 3 Adam Roben (:aroben) 2010-05-20 11:53:48 PDT
Committed r59854: <http://trac.webkit.org/changeset/59854>