Bug 1148286 - Ensure we don't nullpointer deref if the CDM crashes in MediaKeys and Reader::SetCDMProxy implementations. r=edwin, a=sledru
--- a/dom/media/eme/MediaKeys.cpp
+++ b/dom/media/eme/MediaKeys.cpp
@@ -143,16 +143,22 @@ MediaKeys::GetKeySystem(nsString& retval
already_AddRefed<Promise>
MediaKeys::SetServerCertificate(const ArrayBufferViewOrArrayBuffer& aCert, ErrorResult& aRv)
{
nsRefPtr<Promise> promise(MakePromise(aRv));
if (aRv.Failed()) {
return nullptr;
}
+ if (!mProxy) {
+ NS_WARNING("Tried to use a MediaKeys without a CDM");
+ promise->MaybeReject(NS_ERROR_DOM_INVALID_STATE_ERR);
+ return promise.forget();
+ }
+
nsTArray<uint8_t> data;
if (!CopyArrayBufferViewOrArrayBufferData(aCert, data)) {
promise->MaybeReject(NS_ERROR_DOM_INVALID_ACCESS_ERR);
return promise.forget();
}
mProxy->SetServerCertificate(StorePromise(promise), data);
return promise.forget();
@@ -477,16 +483,22 @@ MediaKeys::OnCDMCreated(PromiseId aId, c
}
}
already_AddRefed<MediaKeySession>
MediaKeys::CreateSession(JSContext* aCx,
SessionType aSessionType,
ErrorResult& aRv)
{
+ if (!mProxy) {
+ NS_WARNING("Tried to use a MediaKeys which lost its CDM");
+ aRv.Throw(NS_ERROR_DOM_INVALID_STATE_ERR);
+ return nullptr;
+ }
+
nsRefPtr<MediaKeySession> session = new MediaKeySession(aCx,
GetParentObject(),
this,
mKeySystem,
aSessionType,
aRv);
if (aRv.Failed()) {
--- a/dom/media/fmp4/MP4Decoder.cpp
+++ b/dom/media/fmp4/MP4Decoder.cpp
@@ -37,17 +37,17 @@ MediaDecoderStateMachine* MP4Decoder::Cr
}
#ifdef MOZ_EME
nsresult
MP4Decoder::SetCDMProxy(CDMProxy* aProxy)
{
nsresult rv = MediaDecoder::SetCDMProxy(aProxy);
NS_ENSURE_SUCCESS(rv, rv);
- {
+ if (aProxy) {
// The MP4Reader can't decrypt EME content until it has a CDMProxy,
// and the CDMProxy knows the capabilities of the CDM. The MP4Reader
// remains in "waiting for resources" state until then.
CDMCaps::AutoLock caps(aProxy->Capabilites());
nsRefPtr<nsIRunnable> task(
NS_NewRunnableMethod(this, &MediaDecoder::NotifyWaitingForResourcesStatusChanged));
caps.CallOnMainThreadWhenCapsAvailable(task);
}