Bug 1000180 - Disallow seeking SourceBufferResource to offsets that have been evicted from the input buffer. r=cajbir
authorMatthew Gregan <kinetik@flim.org>
Sun, 27 Apr 2014 20:35:00 +1200
changeset 199007 f8a665814b94d3cd99a4bc38c9cfe7b49958cee7
parent 199006 061e60bc9abb18ffd376540f323004eef60cfcb6
child 199008 dcbcab7596ae0788dcce6ce870e6fafdab09fd91
push id3624
push userasasaki@mozilla.com
push dateMon, 09 Jun 2014 21:49:01 +0000
reviewerscajbir
bugs1000180
milestone31.0a1
Bug 1000180 - Disallow seeking SourceBufferResource to offsets that have been evicted from the input buffer. r=cajbir
content/media/mediasource/SourceBufferResource.cpp
content/media/mediasource/SourceBufferResource.h
--- a/content/media/mediasource/SourceBufferResource.cpp
+++ b/content/media/mediasource/SourceBufferResource.cpp
@@ -100,17 +100,17 @@ SourceBufferResource::Seek(int32_t aWhen
   case nsISeekableStream::NS_SEEK_CUR:
     newOffset += aOffset;
     break;
   case nsISeekableStream::NS_SEEK_SET:
     newOffset = aOffset;
     break;
   }
 
-  if (newOffset < 0 || newOffset > GetLength()) {
+  if (newOffset < 0 || uint64_t(newOffset) < mInputBuffer.GetOffset() || newOffset > GetLength()) {
     return NS_ERROR_FAILURE;
   }
 
   mOffset = newOffset;
   mon.NotifyAll();
 
   return NS_OK;
 }
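Review bot: The eviction bound is enforced here only at the moment of the seek, so an `mOffset` accepted by this check can presumably fall below `mInputBuffer.GetOffset()` again if data is evicted afterwards. The eviction path is not visible in this hunk; either the read path should apply the same bound or eviction should be clamped to the current read position. On the line itself, I would add a comment such as `// Offsets below mInputBuffer.GetOffset() have been evicted and can no longer be read.` above the `if`, write the conversion as `static_cast<uint64_t>(newOffset)`, and put the three conditions on separate lines. The start of Seek, including any other switch cases, lies outside the hunk.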
--- a/content/media/mediasource/SourceBufferResource.h
+++ b/content/media/mediasource/SourceBufferResource.h
@@ -115,16 +115,17 @@ private:
     }
 
     // Returns the index of the resource that contains the given
     // logical offset. aResourceOffset will contain the offset into
     // the resource at the given index returned if it is not null.  If
     // no such resource exists, returns GetSize() and aOffset is
     // untouched.
     inline uint32_t GetAtOffset(uint64_t aOffset, uint32_t *aResourceOffset) {
+      MOZ_ASSERT(aOffset >= mOffset);
       uint64_t offset = mOffset;
       for (uint32_t i = 0; i < GetSize(); ++i) {
         ResourceItem* item = ResourceAt(i);
         // If the item contains the start of the offset we want to
         // break out of the loop.
         if (item->mData.Length() + offset > aOffset) {
           if (aResourceOffset) {
             *aResourceOffset = aOffset - offset;
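Review bot: The new precondition in GetAtOffset is checked only by `MOZ_ASSERT(aOffset >= mOffset);`, which is compiled out of release builds. There, a caller passing an evicted offset still reaches `*aResourceOffset = aOffset - offset;`, where the unsigned subtraction wraps and is narrowed to `uint32_t`, so the caller gets an offset that lies outside the item. Since the function already documents returning GetSize() when no resource contains the offset, I would keep the assertion and add a runtime guard after it, `if (aOffset < mOffset) { return GetSize(); }`, provided the callers (not visible here) handle that return value. The doc comment above should also state that aOffset must not be below the buffer's starting offset. The body of GetAtOffset continues past the end of the hunk.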