From 7b69bbfb243a1519e3b52ceb58de0ae9b60d3f3b Mon Sep 17 00:00:00 2001 From: whuqincheng Date: Sun, 29 Dec 2024 09:52:54 +0800 Subject: [PATCH 1/3] media_source solve UAF Signed-off-by: whuqincheng --- .../ohos/ohos_custom_media_player_renderer.cc | 15 ++++++++------- .../ohos/ohos_custom_media_player_renderer.h | 2 +- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/content/browser/media/ohos/ohos_custom_media_player_renderer.cc b/content/browser/media/ohos/ohos_custom_media_player_renderer.cc index 4081281c21..b1070aa7a9 100644 --- a/content/browser/media/ohos/ohos_custom_media_player_renderer.cc +++ b/content/browser/media/ohos/ohos_custom_media_player_renderer.cc @@ -262,7 +262,8 @@ void OHOSCustomMediaPlayerRenderer::Initialize(media::MediaResource* media_resou } init_cb_ = std::move(init_cb); - media_resource_ = media_resource; + // media_resource_ = media_resource; + media_url_params_ = media_resource->GetMediaUrlParams(); GetCookies(); } @@ -270,13 +271,13 @@ void OHOSCustomMediaPlayerRenderer::Initialize(media::MediaResource* media_resou void OHOSCustomMediaPlayerRenderer::GetCookies() { DCHECK_CURRENTLY_ON(BrowserThread::UI); - const GURL& url = media_resource_->GetMediaUrlParams().media_url; + const GURL& url = media_url_params_.media_url; const net::SiteForCookies& site_for_cookies = - media_resource_->GetMediaUrlParams().site_for_cookies; + media_url_params_.site_for_cookies; const url::Origin& top_frame_origin = - media_resource_->GetMediaUrlParams().top_frame_origin; + media_url_params_.top_frame_origin; bool has_storage_access = - media_resource_->GetMediaUrlParams().has_storage_access; + media_url_params_.has_storage_access; base::OnceCallback callback = base::BindOnce(&OHOSCustomMediaPlayerRenderer::OnCookiesRetrieved, @@ -366,7 +367,7 @@ void OHOSCustomMediaPlayerRenderer::CreateMediaPlayer() { for (const auto& info : source_infos_) { media_info.media_src_list.push_back({ static_cast( - media_resource_->GetMediaUrlParams().custom_media_url_params.media_source_type), + media_url_params_.custom_media_url_params.media_source_type), info.media_source, info.media_format}); } media_info.surface_info.id = surface_id_string; @@ -379,7 +380,7 @@ void OHOSCustomMediaPlayerRenderer::CreateMediaPlayer() { media_info.muted = muted_; media_info.poster_url = poster_url_; media_info.preload = ConvertTo( - media_resource_->GetMediaUrlParams().custom_media_url_params.preload_type); + media_url_params_.custom_media_url_params.preload_type); if (!cookies_->empty()) { media_info.https_headers.insert(std::make_pair( net::HttpRequestHeaders::kCookie, diff --git a/content/browser/media/ohos/ohos_custom_media_player_renderer.h b/content/browser/media/ohos/ohos_custom_media_player_renderer.h index 3e912419b1..c76e53000d 100644 --- a/content/browser/media/ohos/ohos_custom_media_player_renderer.h +++ b/content/browser/media/ohos/ohos_custom_media_player_renderer.h @@ -145,7 +145,7 @@ class CONTENT_EXPORT OHOSCustomMediaPlayerRenderer gfx::Rect video_rect_; - media::MediaResource* media_resource_; + media::MediaUrlParams media_url_params_; base::TimeDelta media_time_; -- Gitee From 23d1a5edcfd63edc8e911b24d867b4b46e900976 Mon Sep 17 00:00:00 2001 From: whuqincheng Date: Sun, 29 Dec 2024 09:55:51 +0800 Subject: [PATCH 2/3] media_source solve UAF Signed-off-by: whuqincheng --- content/browser/media/ohos/ohos_custom_media_player_renderer.cc | 1 - 1 file changed, 1 deletion(-) diff --git a/content/browser/media/ohos/ohos_custom_media_player_renderer.cc b/content/browser/media/ohos/ohos_custom_media_player_renderer.cc index b1070aa7a9..d41aeecbee 100644 --- a/content/browser/media/ohos/ohos_custom_media_player_renderer.cc +++ b/content/browser/media/ohos/ohos_custom_media_player_renderer.cc @@ -262,7 +262,6 @@ void OHOSCustomMediaPlayerRenderer::Initialize(media::MediaResource* media_resou } init_cb_ = std::move(init_cb); - // media_resource_ = media_resource; media_url_params_ = media_resource->GetMediaUrlParams(); GetCookies(); -- Gitee From 029504859e011a7f6f7e1dd770cc53830da16c81 Mon Sep 17 00:00:00 2001 From: whuqincheng Date: Sun, 29 Dec 2024 11:28:40 +0800 Subject: [PATCH 3/3] media_source solve UAF Signed-off-by: whuqincheng --- .../ohos/ohos_custom_media_player_renderer.cc | 16 ++++++++-------- .../ohos/ohos_custom_media_player_renderer.h | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/content/browser/media/ohos/ohos_custom_media_player_renderer.cc b/content/browser/media/ohos/ohos_custom_media_player_renderer.cc index d41aeecbee..216dc2c491 100644 --- a/content/browser/media/ohos/ohos_custom_media_player_renderer.cc +++ b/content/browser/media/ohos/ohos_custom_media_player_renderer.cc @@ -255,14 +255,14 @@ void OHOSCustomMediaPlayerRenderer::Initialize(media::MediaResource* media_resou renderer_client_ = client; - if (media_resource->GetType() != media::MediaResource::Type::URL) { + if (media_source == nullptr || media_resource->GetType() != media::MediaResource::Type::URL) { DLOG(ERROR) << "MediaResource is not of Type URL"; std::move(init_cb).Run(media::PIPELINE_ERROR_INITIALIZATION_FAILED); return; } init_cb_ = std::move(init_cb); - media_url_params_ = media_resource->GetMediaUrlParams(); + media_url_params_ = std::make_shared(media_resource->GetMediaUrlParams()); GetCookies(); } @@ -270,13 +270,13 @@ void OHOSCustomMediaPlayerRenderer::Initialize(media::MediaResource* media_resou void OHOSCustomMediaPlayerRenderer::GetCookies() { DCHECK_CURRENTLY_ON(BrowserThread::UI); - const GURL& url = media_url_params_.media_url; + const GURL& url = media_url_params_->media_url; const net::SiteForCookies& site_for_cookies = - media_url_params_.site_for_cookies; + media_url_params_->site_for_cookies; const url::Origin& top_frame_origin = - media_url_params_.top_frame_origin; + media_url_params_->top_frame_origin; bool has_storage_access = - media_url_params_.has_storage_access; + media_url_params_->has_storage_access; base::OnceCallback callback = base::BindOnce(&OHOSCustomMediaPlayerRenderer::OnCookiesRetrieved, @@ -366,7 +366,7 @@ void OHOSCustomMediaPlayerRenderer::CreateMediaPlayer() { for (const auto& info : source_infos_) { media_info.media_src_list.push_back({ static_cast( - media_url_params_.custom_media_url_params.media_source_type), + media_url_params_->custom_media_url_params.media_source_type), info.media_source, info.media_format}); } media_info.surface_info.id = surface_id_string; @@ -379,7 +379,7 @@ void OHOSCustomMediaPlayerRenderer::CreateMediaPlayer() { media_info.muted = muted_; media_info.poster_url = poster_url_; media_info.preload = ConvertTo( - media_url_params_.custom_media_url_params.preload_type); + media_url_params_->custom_media_url_params.preload_type); if (!cookies_->empty()) { media_info.https_headers.insert(std::make_pair( net::HttpRequestHeaders::kCookie, diff --git a/content/browser/media/ohos/ohos_custom_media_player_renderer.h b/content/browser/media/ohos/ohos_custom_media_player_renderer.h index c76e53000d..fcbce5e13f 100644 --- a/content/browser/media/ohos/ohos_custom_media_player_renderer.h +++ b/content/browser/media/ohos/ohos_custom_media_player_renderer.h @@ -145,7 +145,7 @@ class CONTENT_EXPORT OHOSCustomMediaPlayerRenderer gfx::Rect video_rect_; - media::MediaUrlParams media_url_params_; + std::shared_ptr media_url_params_; base::TimeDelta media_time_; -- Gitee