[Bug 24904] New: Uint8Array parameters should not be modifiable after method calls return from bugzilla@jessica.w3.org on 2014-03-03 (public-html-bugzilla@w3.org from March 2014)

From: <bugzilla@jessica.w3.org>
Date: Mon, 03 Mar 2014 23:45:09 +0000
To: public-html-bugzilla@w3.org
Message-ID: <bug-24904-2486@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=24904

            Bug ID: 24904
           Summary: Uint8Array parameters should not be modifiable after
                    method calls return
           Product: HTML WG
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P3
         Component: Encrypted Media Extensions
          Assignee: adrianba@microsoft.com
          Reporter: ddorwin@google.com
        QA Contact: public-html-bugzilla@w3.org
                CC: hsivonen@hsivonen.fi, mike@w3.org,
                    public-html-media@w3.org, silviapfeiffer1@gmail.com,
                    watsonm@netflix.com

MediaKeys.createSession() and MediaKeySession.update() both accept Uint8Arrays.
Since these methods schedule a task, it's possible that JavaScript can modify
the contents of those arrays before the task is run.

For example:
  array[0]=0;
  mediaKeys.createSession("video/webm", array);
  array[0]=9;
  // Scheduled task will run later and see 9 in the first element.

Similar issues have been reported in MSE, WebCrypto, and DataCue in the HTML
spec (bug 24687).

This was originally raised in
http://lists.w3.org/Archives/Public/public-html-media/2014Feb/0019.html. The
consensus in that thread seems to be:
1) We should have a consistent approach across specs.
2) The behavior should instead be effectively a copy (implemented using a
copy-on-write optimization if desired).

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Monday, 3 March 2014 23:45:11 UTC