24904 – Uint8Array parameters should not be modifiable after method calls return

This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 24904 - Uint8Array parameters should not be modifiable after method calls return

Summary: Uint8Array parameters should not be modifiable after method calls return

Status:	RESOLVED FIXED

Alias:	None

Product:	HTML WG
Classification:	Unclassified
Component:	Encrypted Media Extensions (show other bugs)
Version:	unspecified
Hardware:	All All

Importance:	P5 normal
Target Milestone:	---
Assignee:	David Dorwin
QA Contact:	HTML WG Bugzilla archive list

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2014-03-03 23:45 UTC by David Dorwin
Modified:	2014-05-02 20:15 UTC (History)
CC List:	6 users (show)

See Also:

Attachments

Description David Dorwin 2014-03-03 23:45:09 UTC

MediaKeys.createSession() and MediaKeySession.update() both accept Uint8Arrays. Since these methods schedule a task, it's possible that JavaScript can modify the contents of those arrays before the task is run.

For example:
  array[0]=0;
  mediaKeys.createSession("video/webm", array);
  array[0]=9;
  // Scheduled task will run later and see 9 in the first element.

Similar issues have been reported in MSE, WebCrypto, and DataCue in the HTML spec (bug 24687).

This was originally raised in http://lists.w3.org/Archives/Public/public-html-media/2014Feb/0019.html. The consensus in that thread seems to be:
1) We should have a consistent approach across specs.
2) The behavior should instead be effectively a copy (implemented using a copy-on-write optimization if desired).

Comment 1 David Dorwin 2014-03-17 23:51:13 UTC

Bug 24687 has been resolved by specifying that a copy should be made.

Comment 2 David Dorwin 2014-05-02 20:15:00 UTC

Added copy steps for all Uint8Array parameters in https://dvcs.w3.org/hg/html-media/rev/af33cfce6d49.