Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: e8a476cd12df5fb1ea1f682f1c2381397c44ccef
      
https://github.com/WebKit/WebKit/commit/e8a476cd12df5fb1ea1f682f1c2381397c44ccef
  Author: Youenn Fablet <[email protected]>
  Date:   2026-07-02 (Thu, 02 Jul 2026)

  Changed paths:
    A LayoutTests/webrtc/addTrack-simulcast-expected.txt
    A LayoutTests/webrtc/addTrack-simulcast.html
    M Source/ThirdParty/libwebrtc/Source/webrtc/modules/video_coding/video_codec_initializer.cc
    M Source/ThirdParty/libwebrtc/Source/webrtc/pc/sdp_offer_answer.cc
    M Source/WebCore/platform/mediastream/cocoa/RealtimeOutgoingVideoSourceCocoa.cpp

  Log Message:
  -----------
  Stack buffer overflow in WebKit libwebrtc VideoCodecInitializer via remote SDP simulcast layers leads to WebContent memory corruption
rdar://175624943

Reviewed by Eric Carlson.

When computing send encodings from remote SDP, we trim them according to the max simulcast encodings, like done for addTransceiver.
We also change the debug check VideoCodecInitializer::SetupCodec into a release check as a further mitigation.

Test: webrtc/addTrack-simulcast.html

* LayoutTests/webrtc/addTrack-simulcast-expected.txt: Added.
* LayoutTests/webrtc/addTrack-simulcast.html: Added.
* Source/ThirdParty/libwebrtc/Source/webrtc/modules/video_coding/video_codec_initializer.cc:
* Source/ThirdParty/libwebrtc/Source/webrtc/pc/sdp_offer_answer.cc:

Originally-landed-as: 305413.820@safari-7624-branch (0d8fd1ca4be9). rdar://181073924
Canonical link: https://commits.webkit.org/316431@main
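
The two mitigations named in the log message, sketched as an added example that is not WebKit or libwebrtc code: the producer trims a remotely derived encoding list to the maximum, and the consumer that copies into fixed-size storage enforces the same bound with a check that survives release builds. The type names, function names and the limit of 3 are assumptions made for this sketch.

```cpp
#include <array>
#include <cstddef>
#include <cstdio>
#include <cstdlib>
#include <vector>

// Assumed limit for this sketch; the commit message does not state the real value.
constexpr std::size_t kMaxLayers = 3;

struct Encoding { int width; int height; };   // hypothetical type
struct CodecConfig {                          // hypothetical type with fixed-size storage
    std::array<Encoding, kMaxLayers> layers{};
    std::size_t layerCount = 0;
};

// Release-mode check: unlike a debug-only assertion, it is not compiled out
// when NDEBUG is defined, so an oversized input aborts instead of overflowing.
#define RELEASE_CHECK(cond) \
    do { if (!(cond)) { std::fprintf(stderr, "check failed: %s\n", #cond); std::abort(); } } while (0)

// Mitigation 1: trim encodings computed from a remote description to the
// maximum, the same way locally requested encodings would be limited.
std::vector<Encoding> trimEncodings(std::vector<Encoding> encodings)
{
    if (encodings.size() > kMaxLayers)
        encodings.resize(kMaxLayers);
    return encodings;
}

// Mitigation 2: the code that fills the fixed-size array re-validates the
// count itself and does not rely on every caller having trimmed.
CodecConfig setupCodec(const std::vector<Encoding>& encodings)
{
    RELEASE_CHECK(encodings.size() <= kMaxLayers);
    CodecConfig config;
    for (std::size_t i = 0; i < encodings.size(); ++i)
        config.layers[i] = encodings[i];
    config.layerCount = encodings.size();
    return config;
}

int main()
{
    // Constructed input: five layers, more than the fixed array can hold.
    std::vector<Encoding> remote(5, Encoding{320, 180});
    CodecConfig config = setupCodec(trimEncodings(remote));
    std::printf("layers kept: %zu\n", config.layerCount);
    return 0;
}
```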
