Bug 1144107 - Part 2: Prevent uin32_t overflow. r=kentuckyfriedtakahe, a=abillings
authorJean-Yves Avenard <jyavenard@mozilla.com>
Tue, 14 Jul 2015 09:21:27 -0400
changeset 275346 3fc2312861addc259ddb060ec5a5e0ffb34419e9
parent 275345 3fdeb3497962666dfd621611424e31af526c5d0b
child 275347 20c4fa40bc79c7fe8c9e20d3460a4e94d7ce898b
push id863
push userraliiev@mozilla.com
push dateMon, 03 Aug 2015 13:22:43 +0000
treeherdermozilla-release@f6321b14228d [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerskentuckyfriedtakahe, abillings
bugs1144107
milestone40.0
Bug 1144107 - Part 2: Prevent uin32_t overflow. r=kentuckyfriedtakahe, a=abillings
media/libstagefright/frameworks/av/media/libstagefright/MPEG4Extractor.cpp
--- a/media/libstagefright/frameworks/av/media/libstagefright/MPEG4Extractor.cpp
+++ b/media/libstagefright/frameworks/av/media/libstagefright/MPEG4Extractor.cpp
@@ -4104,18 +4104,18 @@ Vector<MediaSource::Indice> MPEG4Source:
       }
 
       Indice indice;
       indice.start_offset = offset;
       indice.end_offset = offset + size;
       indice.start_composition = (compositionTime * 1000000ll) / mTimescale;
       // end_composition is overwritten everywhere except the last frame, where
       // the presentation duration is equal to the sample duration.
-      indice.end_composition = ((compositionTime + duration) * 1000000ll) /
-              mTimescale;
+      indice.end_composition =
+          (compositionTime * 1000000ll + duration * 1000000ll) / mTimescale;
       indice.sync = isSyncSample;
       index.add(indice);
   }
 
   // Fix up composition durations so we don't end up with any unsightly gaps.
   if (index.size() != 0) {
       Indice* array = index.editArray();
       Vector<Indice*> composition_order;