This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
MediaKeys.createSession() and MediaKeySession.update() both accept Uint8Arrays. Since these methods schedule a task, it's possible that JavaScript can modify the contents of those arrays before the task is run. For example: array[0]=0; mediaKeys.createSession("video/webm", array); array[0]=9; // Scheduled task will run later and see 9 in the first element. Similar issues have been reported in MSE, WebCrypto, and DataCue in the HTML spec (bug 24687). This was originally raised in http://lists.w3.org/Archives/Public/public-html-media/2014Feb/0019.html. The consensus in that thread seems to be: 1) We should have a consistent approach across specs. 2) The behavior should instead be effectively a copy (implemented using a copy-on-write optimization if desired).
Bug 24687 has been resolved by specifying that a copy should be made.
Added copy steps for all Uint8Array parameters in https://dvcs.w3.org/hg/html-media/rev/af33cfce6d49.