1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
|
commit 139967a109c1
Author: Jean-Yves Avenard <jyavenard@mozilla.com>
Date: Wed Oct 25 18:25:37 2017 +0200
Bug 1366201 - P5. Get around FFmpeg bug with corrupted data. r=gerald
According to FFmpeg documentation, the out parameter is "set to size of parsed buffer or zero if not yet finished. " however this is only the case if no error occurred; otherwise it is left untouched.
We want the invalid content to generate a decoding error, so we set size to inputSize to ensure decoding failed later.
MozReview-Commit-ID: FZeiZUdUtLG
---
dom/media/platforms/ffmpeg/FFmpegVideoDecoder.cpp | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git dom/media/platforms/ffmpeg/FFmpegVideoDecoder.cpp dom/media/platforms/ffmpeg/FFmpegVideoDecoder.cpp
index 6acc8fef4dd8..fdee880c9e3b 100644
--- dom/media/platforms/ffmpeg/FFmpegVideoDecoder.cpp
+++ dom/media/platforms/ffmpeg/FFmpegVideoDecoder.cpp
@@ -212,18 +212,18 @@ FFmpegVideoDecoder<LIBAV_VER>::DoDecode(MediaRawData* aSample, bool* aGotFrame,
#if LIBAVCODEC_VERSION_MAJOR >= 54
if (inputSize && mCodecParser && (mCodecID == AV_CODEC_ID_VP8
#if LIBAVCODEC_VERSION_MAJOR >= 55
|| mCodecID == AV_CODEC_ID_VP9
#endif
)) {
while (inputSize) {
- uint8_t* data;
- int size;
+ uint8_t* data = inputData;
+ int size = inputSize;
int len = mLib->av_parser_parse2(
mCodecParser, mCodecContext, &data, &size, inputData, inputSize,
aSample->mTime.ToMicroseconds(), aSample->mTimecode.ToMicroseconds(),
aSample->mOffset);
if (size_t(len) > inputSize) {
return NS_ERROR_DOM_MEDIA_DECODE_ERR;
}
inputData += len;
|
