Bug 966044 - Fix unconditional single byte buffer overflow in EbmlComposer::generateHeader(). (r=rillian)
authorEric Faust <efaustbmo@gmail.com>
Thu, 30 Jan 2014 16:42:00 -0800
changeset 182163 7c3373499773a8181289fd16b8769d5ecab79fdc
parent 182162 f693f6c91b238f1a1ca7ff9c4651135f66225539
child 182164 a829f51aae56b0dc380271701a028259c3838a97
push id3343
push userffxbld
push dateMon, 17 Mar 2014 21:55:32 +0000
reviewersrillian
bugs966044
milestone29.0a1
Bug 966044 - Fix unconditional single byte buffer overflow in EbmlComposer::generateHeader(). (r=rillian)
content/media/webm/EbmlComposer.cpp
media/libmkv/WebMElement.c
media/libmkv/WebMElement.h
media/libmkv/const_fix.patch
--- a/content/media/webm/EbmlComposer.cpp
+++ b/content/media/webm/EbmlComposer.cpp
@@ -33,27 +33,24 @@ void EbmlComposer::GenerateHeader()
       Ebml_StartSubElement(&ebml, &ebmlLocseg, SeekHead);
       // Todo: We don't know the exact sizes of encoded data and ignore this section.
       Ebml_EndSubElement(&ebml, &ebmlLocseg);
       writeSegmentInformation(&ebml, &ebmlLoc, TIME_CODE_SCALE, 0);
       {
         EbmlLoc trackLoc;
         Ebml_StartSubElement(&ebml, &trackLoc, Tracks);
         {
-          char cid_string[8];
           // Video
           if (mWidth > 0 && mHeight > 0) {
-            strcpy(cid_string, "V_VP8");
-            writeVideoTrack(&ebml, 0x1, 0, cid_string,
+            writeVideoTrack(&ebml, 0x1, 0, "V_VP8",
                             mWidth, mHeight, mFrameRate);
           }
           // Audio
           if (mCodecPrivateData.Length() > 0) {
-            strcpy(cid_string, "A_VORBIS");
-            writeAudioTrack(&ebml, 0x2, 0x0, cid_string, mSampleFreq,
+            writeAudioTrack(&ebml, 0x2, 0x0, "A_VORBIS", mSampleFreq,
                             mChannels, mCodecPrivateData.Elements(),
                             mCodecPrivateData.Length());
           }
         }
         Ebml_EndSubElement(&ebml, &trackLoc);
       }
     }
     // The Recording length is unknow and ignore write the whole Segment element size
--- a/media/libmkv/WebMElement.c
+++ b/media/libmkv/WebMElement.c
@@ -51,17 +51,17 @@ static UInt64 generateTrackID(unsigned i
   UInt64 r = rand();
   r = r << 32;
   r +=  rand();
 //  UInt64 rval = t ^ r;
   return t ^ r;
 }
 
 void writeVideoTrack(EbmlGlobal *glob, unsigned int trackNumber, int flagLacing,
-                     char *codecId, unsigned int pixelWidth, unsigned int pixelHeight,
+                     const char *codecId, unsigned int pixelWidth, unsigned int pixelHeight,
                      double frameRate) {
   EbmlLoc start;
   UInt64 trackID;
   Ebml_StartSubElement(glob, &start, TrackEntry);
   Ebml_SerializeUnsigned(glob, TrackNumber, trackNumber);
   trackID = generateTrackID(trackNumber);
   Ebml_SerializeUnsigned(glob, TrackUID, trackID);
   Ebml_SerializeString(glob, CodecName, "VP8");  // TODO shouldn't be fixed
@@ -74,17 +74,17 @@ void writeVideoTrack(EbmlGlobal *glob, u
     Ebml_SerializeUnsigned(glob, PixelWidth, pixelWidth);
     Ebml_SerializeUnsigned(glob, PixelHeight, pixelHeight);
     Ebml_SerializeFloat(glob, FrameRate, frameRate);
     Ebml_EndSubElement(glob, &videoStart); // Video
   }
   Ebml_EndSubElement(glob, &start); // Track Entry
 }
 void writeAudioTrack(EbmlGlobal *glob, unsigned int trackNumber, int flagLacing,
-                     char *codecId, double samplingFrequency, unsigned int channels,
+                     const char *codecId, double samplingFrequency, unsigned int channels,
                      unsigned char *private, unsigned long privateSize) {
   EbmlLoc start;
   UInt64 trackID;
   Ebml_StartSubElement(glob, &start, TrackEntry);
   Ebml_SerializeUnsigned(glob, TrackNumber, trackNumber);
   trackID = generateTrackID(trackNumber);
   Ebml_SerializeUnsigned(glob, TrackUID, trackID);
   Ebml_SerializeUnsigned(glob, TrackType, 2); // audio is always 2
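Review bot: The const cleanup stops at `codecId`: `writeAudioTrack` still takes the codec private data as `unsigned char *private`, although the caller in EbmlComposer.cpp hands it `mCodecPrivateData.Elements()` purely as input. If the body (which continues past this hunk) only reads that buffer, declaring it `const unsigned char *private, unsigned long privateSize` here and `const unsigned char *private_` in WebMElement.h would let the compiler reject any accidental write into the caller's array. This assumes the serialization helper it is forwarded to accepts a const pointer, which is not visible here. The same signature change would need to be mirrored in const_fix.patch.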
--- a/media/libmkv/WebMElement.h
+++ b/media/libmkv/WebMElement.h
@@ -15,20 +15,20 @@ extern "C" {
 
 #include "EbmlWriter.h"
 
 // these are helper functions
 void writeHeader(EbmlGlobal *ebml);
 void writeSegmentInformation(EbmlGlobal *ebml, EbmlLoc *startInfo, unsigned long timeCodeScale, double duration);
 // this function is a helper only, it assumes a lot of defaults
 void writeVideoTrack(EbmlGlobal *ebml, unsigned int trackNumber, int flagLacing,
-                     char *codecId, unsigned int pixelWidth, unsigned int pixelHeight,
+                     const char *codecId, unsigned int pixelWidth, unsigned int pixelHeight,
                      double frameRate);
 void writeAudioTrack(EbmlGlobal *glob, unsigned int trackNumber, int flagLacing,
-                     char *codecId, double samplingFrequency, unsigned int channels,
+                     const char *codecId, double samplingFrequency, unsigned int channels,
                      unsigned char *private_, unsigned long privateSize);
 
 void writeSimpleBlock(EbmlGlobal *ebml, unsigned char trackNumber, short timeCode,
                       int isKeyframe, unsigned char lacingFlag, int discardable,
                       unsigned char *data, unsigned long dataLength);
 
 #endif
 
new file mode 100644
--- /dev/null
+++ b/media/libmkv/const_fix.patch
@@ -0,0 +1,37 @@
+diff --git a/WebMElement.c b/WebMElement.c
+--- a/WebMElement.c
++++ b/WebMElement.c
+@@ -56,7 +56,7 @@
+ }
+ 
+ void writeVideoTrack(EbmlGlobal *glob, unsigned int trackNumber, int flagLacing,
+-                     char *codecId, unsigned int pixelWidth, unsigned int pixelHeight,
++                     const char *codecId, unsigned int pixelWidth, unsigned int pixelHeight,
+                      double frameRate) {
+   EbmlLoc start;
+   UInt64 trackID;
+@@ -79,7 +79,7 @@
+   Ebml_EndSubElement(glob, &start); // Track Entry
+ }
+ void writeAudioTrack(EbmlGlobal *glob, unsigned int trackNumber, int flagLacing,
+-                     char *codecId, double samplingFrequency, unsigned int channels,
++                     const char *codecId, double samplingFrequency, unsigned int channels,
+                      unsigned char *private, unsigned long privateSize) {
+   EbmlLoc start;
+   UInt64 trackID;
+diff --git a/WebMElement.h b/WebMElement.h
+--- a/WebMElement.h
++++ b/WebMElement.h
+@@ -20,10 +20,10 @@
+ void writeSegmentInformation(EbmlGlobal *ebml, EbmlLoc *startInfo, unsigned long timeCodeScale, double duration);
+ // this function is a helper only, it assumes a lot of defaults
+ void writeVideoTrack(EbmlGlobal *ebml, unsigned int trackNumber, int flagLacing,
+-                     char *codecId, unsigned int pixelWidth, unsigned int pixelHeight,
++                     const char *codecId, unsigned int pixelWidth, unsigned int pixelHeight,
+                      double frameRate);
+ void writeAudioTrack(EbmlGlobal *glob, unsigned int trackNumber, int flagLacing,
+-                     char *codecId, double samplingFrequency, unsigned int channels,
++                     const char *codecId, double samplingFrequency, unsigned int channels,
+                      unsigned char *private_, unsigned long privateSize);
+ 
+ void writeSimpleBlock(EbmlGlobal *ebml, unsigned char trackNumber, short timeCode,
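Review bot: Nothing in this commit shows const_fix.patch being hooked into the step that re-imports libmkv from upstream, so a later import could silently restore the `char *codecId` signatures. The call sites in EbmlComposer.cpp would then pass string literals to a mutable `char *` parameter, and the easy way to quiet that is to bring back a fixed-size scratch buffer like the one this commit removes. Please confirm the directory's import script (not shown on this page) applies this patch, and consider sending the `const char *codecId` change upstream so the local divergence can eventually be dropped.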