canmove, Confirmed users
640
edits
Security/Reviews/Firefox4/AudioAPI Security Review: Difference between revisions
Jump to navigation
Jump to search
m
Security/Reviews/Firefox4/AudioAPI Security Review (view source)
Revision as of 19:53, 2 February 2011
, 2 February 2011→Review comments
| Line 53: | Line 53: | ||
** need to fuzz bogus numbers of channels and sampleRates | ** need to fuzz bogus numbers of channels and sampleRates | ||
** on various hardware/drivers | ** on various hardware/drivers | ||
* There's a same-origin check on reading audio data | |||
** don't know if it's on the src URI or after following redirects (but should mimic <canvas>) | |||
** https://mxr.mozilla.org/mozilla-central/source/content/html/content/src/nsHTMLMediaElement.cpp#707 | |||
* Can't read data from non-audio files (decoder would fail, the API hooks in after the decoder) | |||