Bug 1532861 - Avoid a ubsan error in IsValidVideoRegion r=jya
authorDavid Major <dmajor@mozilla.com>
Fri, 18 Oct 2019 00:21:31 +0000
changeset 498172 7470ae6e250d19fbe5b22371b242dea45dce7950
parent 498171 ca694c972e9c39e0c992d92628e121d8271738af
child 498173 27ba497f76d15ef43d02d6c159b278ffc1879460
push id98328
push userdmajor@mozilla.com
push dateFri, 18 Oct 2019 15:15:45 +0000
treeherderautoland@7470ae6e250d [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjya
bugs1532861
milestone71.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1532861 - Avoid a ubsan error in IsValidVideoRegion r=jya The variables in this function are really unsigned values in disguise. Ideally they'd be something like `UIntSize` but that's not a thing. As a path of least resistance, let's check that they're greater than zero to rule out absurdly large unsigned values (which would have been ruled out by the `MAX_DIMENSION` test anyway). And then we no longer need the a*b != 0 tests. Differential Revision: https://phabricator.services.mozilla.com/D49666
dom/media/VideoUtils.cpp
--- a/dom/media/VideoUtils.cpp
+++ b/dom/media/VideoUtils.cpp
@@ -184,34 +184,35 @@ bool IsVideoContentType(const nsCString&
     return true;
   }
   return false;
 }
 
 bool IsValidVideoRegion(const gfx::IntSize& aFrame,
                         const gfx::IntRect& aPicture,
                         const gfx::IntSize& aDisplay) {
-  return aFrame.width <= PlanarYCbCrImage::MAX_DIMENSION &&
+  return aFrame.width > 0 && aFrame.width <= PlanarYCbCrImage::MAX_DIMENSION &&
+         aFrame.height > 0 &&
          aFrame.height <= PlanarYCbCrImage::MAX_DIMENSION &&
          aFrame.width * aFrame.height <= MAX_VIDEO_WIDTH * MAX_VIDEO_HEIGHT &&
-         aFrame.width * aFrame.height != 0 &&
+         aPicture.width > 0 &&
          aPicture.width <= PlanarYCbCrImage::MAX_DIMENSION &&
          aPicture.x < PlanarYCbCrImage::MAX_DIMENSION &&
          aPicture.x + aPicture.width < PlanarYCbCrImage::MAX_DIMENSION &&
+         aPicture.height > 0 &&
          aPicture.height <= PlanarYCbCrImage::MAX_DIMENSION &&
          aPicture.y < PlanarYCbCrImage::MAX_DIMENSION &&
          aPicture.y + aPicture.height < PlanarYCbCrImage::MAX_DIMENSION &&
          aPicture.width * aPicture.height <=
              MAX_VIDEO_WIDTH * MAX_VIDEO_HEIGHT &&
-         aPicture.width * aPicture.height != 0 &&
+         aDisplay.width > 0 &&
          aDisplay.width <= PlanarYCbCrImage::MAX_DIMENSION &&
+         aDisplay.height > 0 &&
          aDisplay.height <= PlanarYCbCrImage::MAX_DIMENSION &&
-         aDisplay.width * aDisplay.height <=
-             MAX_VIDEO_WIDTH * MAX_VIDEO_HEIGHT &&
-         aDisplay.width * aDisplay.height != 0;
+         aDisplay.width * aDisplay.height <= MAX_VIDEO_WIDTH * MAX_VIDEO_HEIGHT;
 }
 
 already_AddRefed<SharedThreadPool> GetMediaThreadPool(MediaThreadType aType) {
   const char* name;
   uint32_t threads = 4;
   switch (aType) {
     case MediaThreadType::PLATFORM_DECODER:
       name = "MediaPDecoder";