This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 24904 - Uint8Array parameters should not be modifiable after method calls return
Summary: Uint8Array parameters should not be modifiable after method calls return
Alias: None
Product: HTML WG
Classification: Unclassified
Component: Encrypted Media Extensions (show other bugs)
Version: unspecified
Hardware: All All
: P5 normal
Target Milestone: ---
Assignee: David Dorwin
QA Contact: HTML WG Bugzilla archive list
Depends on:
Reported: 2014-03-03 23:45 UTC by David Dorwin
Modified: 2014-05-02 20:15 UTC (History)
6 users (show)

See Also:


Description David Dorwin 2014-03-03 23:45:09 UTC
MediaKeys.createSession() and MediaKeySession.update() both accept Uint8Arrays. Since these methods schedule a task, it's possible that JavaScript can modify the contents of those arrays before the task is run.

For example:
  mediaKeys.createSession("video/webm", array);
  // Scheduled task will run later and see 9 in the first element.

Similar issues have been reported in MSE, WebCrypto, and DataCue in the HTML spec (bug 24687).

This was originally raised in The consensus in that thread seems to be:
1) We should have a consistent approach across specs.
2) The behavior should instead be effectively a copy (implemented using a copy-on-write optimization if desired).
Comment 1 David Dorwin 2014-03-17 23:51:13 UTC
Bug 24687 has been resolved by specifying that a copy should be made.
Comment 2 David Dorwin 2014-05-02 20:15:00 UTC
Added copy steps for all Uint8Array parameters in