commit 139967a109c1
Author: Jean-Yves Avenard <jyavenard@mozilla.com>
Date:   Wed Oct 25 18:25:37 2017 +0200

    Bug 1366201 - P5. Get around FFmpeg bug with corrupted data. r=gerald
    
    According to FFmpeg documentation, the out parameter is "set to size of parsed buffer or zero if not yet finished. " however this is only the case if no error occurred; otherwise it is left untouched.
    
    We want the invalid content to generate a decoding error, so we set size to inputSize to ensure decoding failed later.
    
    MozReview-Commit-ID: FZeiZUdUtLG
---
 dom/media/platforms/ffmpeg/FFmpegVideoDecoder.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git dom/media/platforms/ffmpeg/FFmpegVideoDecoder.cpp dom/media/platforms/ffmpeg/FFmpegVideoDecoder.cpp
index 6acc8fef4dd8..fdee880c9e3b 100644
--- dom/media/platforms/ffmpeg/FFmpegVideoDecoder.cpp
+++ dom/media/platforms/ffmpeg/FFmpegVideoDecoder.cpp
@@ -212,18 +212,18 @@ FFmpegVideoDecoder<LIBAV_VER>::DoDecode(MediaRawData* aSample, bool* aGotFrame,
 
 #if LIBAVCODEC_VERSION_MAJOR >= 54
   if (inputSize && mCodecParser && (mCodecID == AV_CODEC_ID_VP8
 #if LIBAVCODEC_VERSION_MAJOR >= 55
       || mCodecID == AV_CODEC_ID_VP9
 #endif
       )) {
     while (inputSize) {
-      uint8_t* data;
-      int size;
+      uint8_t* data = inputData;
+      int size = inputSize;
       int len = mLib->av_parser_parse2(
         mCodecParser, mCodecContext, &data, &size, inputData, inputSize,
         aSample->mTime.ToMicroseconds(), aSample->mTimecode.ToMicroseconds(),
         aSample->mOffset);
       if (size_t(len) > inputSize) {
         return NS_ERROR_DOM_MEDIA_DECODE_ERR;
       }
       inputData += len;