Bug 1187076 - Warn at end of SPS buffers. r=jya
authorRalph Giles <giles@mozilla.com>
Tue, 08 Sep 2015 21:46:22 -0700
changeset 294268 c75f9ca74a29c05a3457d33531548c63f9b6d784
parent 294267 ed0e18820d4a231e81b4d9874c5a5c1621dcb2a5
child 294269 c0abc2a6e11f52761366e029eb1bae4c9864a8a3
child 294290 4805fa9a89fe1165829e60140f3050ff09c2d656
push id5245
push userraliiev@mozilla.com
push dateThu, 29 Oct 2015 11:30:51 +0000
treeherdermozilla-beta@dac831dc1bd0 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjya
bugs1187076
milestone43.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1187076 - Warn at end of SPS buffers. r=jya Previously we asserted if we tried to read past the end of a buffer in parsing H.264 SPS headers. This only affected debug builds, but the failures were reported as crashes in automated testing. Therefore, commute the assert to a warning and silently accept bad data of this type. The read is safe with the first assert removed because of the subsequent check, and a similar one in the parent class.
media/libstagefright/binding/H264.cpp
--- a/media/libstagefright/binding/H264.cpp
+++ b/media/libstagefright/binding/H264.cpp
@@ -21,17 +21,16 @@ class BitReader
 public:
   explicit BitReader(const mozilla::MediaByteBuffer* aBuffer)
     : mBitReader(aBuffer->Elements(), aBuffer->Length())
   {
   }
 
   uint32_t ReadBits(size_t aNum)
   {
-    MOZ_ASSERT(mBitReader.numBitsLeft());
     MOZ_ASSERT(aNum <= 32);
     if (mBitReader.numBitsLeft() < aNum) {
       return 0;
     }
     return mBitReader.getBits(aNum);
   }
 
   uint32_t ReadBit()
@@ -43,17 +42,20 @@ public:
   uint32_t ReadUE()
   {
     uint32_t i = 0;
 
     while (ReadBit() == 0 && i < 32) {
       i++;
     }
     if (i == 32) {
-      MOZ_ASSERT(false);
+      // This can happen if the data is invalid, or if it's
+      // short, since ReadBit() will return 0 when it runs
+      // off the end of the buffer.
+      NS_WARNING("Invalid H.264 data");
       return 0;
     }
     uint32_t r = ReadBits(i);
     r += (1 << i) - 1;
     return r;
   }
 
   // Read signed integer Exp-Golomb-coded.