Closed Bug 1015979 Opened 10 years ago Closed 10 years ago

Assert that the images (video frames) created have a non-zero size

Categories

(Core :: Audio/Video, defect)

Product:
Core
Component:
Audio/Video
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla32

People

(Reporter: solenne.bienner, Assigned: felicien.delobre)

Details

Attachments

(2 files, 1 obsolete file)

bug-1015979-fix
1.03 KB, patch
cpearce
: review+
Details | Diff | Splinter Review
bug-1015979-fix
1.09 KB, patch
Details | Diff | Splinter Review 
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:29.0) Gecko/20100101 Firefox/29.0 (Beta/Release)
Build ID: 20140428193838
Component: Untriaged → Video/Audio
Product: Firefox → Core
Version: 29 Branch → Trunk
Assignee: nobody → felicien.delobre
Hello, concerning the bug n°6 on https://etherpad.mozilla.org/media-decoder-refactoring-ideas-2013.
I don't really get which size we need to assert is non-zero because in the first Create method (http://dxr.mozilla.org/mozilla-central/source/content/media/MediaData.cpp?from=#232) there is already a verification for the image size.
Flags: needinfo?(cpearce)
That NS_WARNING should be a MOZ_ASSERT.
Flags: needinfo?(cpearce)
(In reply to Chris Pearce (:cpearce) from comment #2)
> That NS_WARNING should be a MOZ_ASSERT.

Ok thank you Chris,
One more question : is there a need to replace the NS_WARNING on line 238 (http://dxr.mozilla.org/mozilla-central/source/content/media/MediaData.cpp?from=#238) and 251 ?
Because it doesn't concern non-zero size, but replacing NS_WARNING by MOZ_ASSERT there seems to be better.
I'd rather not convert the warnings on lines 238 and 251. The idea here is to guard against programmer error. Several times I and others have forgotten to pass in a non zero size here, and lost time debugging that. I want to prevent that in future.

Whereas those other cases guard against hostile input (passing INT32_MAX for the width and height of a frame, in order to trigger malloc failure and a crash). Arguably input could have 0 sized frame anyway and we'd hit this fatal assert in debug builds, but I think that's a good tradeoff to make here.
Attached patch bug-1015979-fix (obsolete) — Splinter Review 

        Attachment #8432472 -
        Flags: review+

    
  

        Attachment #8432472 -
        Flags: review+ → review?(cpearce)

    
    

    
  
Comment on attachment 8432472 [details] [diff] [review]
bug-1015979-fix

Review of attachment 8432472 [details] [diff] [review]:
-----------------------------------------------------------------

You still need to return nullptr in both those cases, otherwise we'll crash or worse in build where assertions are disabled, i.e. Release Firefox builds!

The purpose of this bug is to make size-0 frames mistakes more noticeable.

::: content/media/MediaData.cpp
@@ +381,5 @@
>      return v.forget();
>    }
>  
>    // The following situations could be triggered by invalid input
> +  MOZ_ASSERT(aPicture.width <= 0 || aPicture.height <= 0, "Empty picture rect");

This doesn't need to be an assert.

        Attachment #8432472 -
        Flags: review?(cpearce) → review-

    
  

        Attachment #8432472 -
        Attachment is obsolete: true

    
    

    
  

      
      
      
      

        Attached patch
          
          
        bug-1015979-fixSplinter Review
      

    


  

        Attachment #8433294 -
        Flags: review?(cpearce)

    
    

    
  
Comment on attachment 8433294 [details] [diff] [review]
bug-1015979-fix

Concerning your last comment, why is there no need for a MOZ_ASSERT there http://dxr.mozilla.org/mozilla-central/source/content/media/MediaData.cpp#389

    
    

    
  
Comment on attachment 8433294 [details] [diff] [review]
bug-1015979-fix

Review of attachment 8433294 [details] [diff] [review]:
-----------------------------------------------------------------

Bravo!

        Attachment #8433294 -
        Flags: review?(cpearce) → review+

    
    

    
  
(In reply to Eric Phan from comment #8)
> Comment on attachment 8433294 [details] [diff] [review]
> bug-1015979-fix
> 
> Concerning your last comment, why is there no need for a MOZ_ASSERT there
> http://dxr.mozilla.org/mozilla-central/source/content/media/MediaData.cpp#389

Because what I want is a way to prevent simple developer mistakes, that is, of forgetting to initialize the width and height so that they're non-0. Whereas negative frame sizes is a mistake I've never made.

    
    

    
  

      
      
      
      

        Attached patch
          
          
        bug-1015979-fixSplinter Review
      

    


  
Modification of commit message

    
    

    
  
Backed out and relanded, because I screwed up the bug number in the commit message.

Eric, congratulation on your first patch, onto the next one !

https://hg.mozilla.org/integration/mozilla-inbound/rev/5086f344b647
https://hg.mozilla.org/integration/mozilla-inbound/rev/e9ce0328d40d
https://hg.mozilla.org/integration/mozilla-inbound/rev/cef880caa887

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/5086f344b647
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla32

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: