Closed Bug 1087810 Opened 8 years ago Closed 8 years ago

[EME] Firefox crashes if CDM downsample video frames

Categories

(Core :: Audio/Video, defect)

x86_64
Windows 8.1
defect
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla36
Tracking Status
firefox37 --- fixed
firefox38 --- fixed
firefox39 --- fixed

People

(Reporter: cpearce, Assigned: cpearce)

References

(Blocks 1 open bug)

Details

Attachments

(2 files)

If the CDM decides it needs to reduce the quality of a video frame it downsamples, or shrinks, the output video frames.

If this happens, we crash. This is because we're assuming in EMEH264Decoder::Decoded(GMPVideoi420Frame*) that the picture region of the video frame is the same as the display size that's stored in the container. This assumption is not correct if the CDM scales the video frame.
Attached patch PatchSplinter Review
Use the size of the GMPVideoi420Frame as the picture region when calling VideoData::Create(), instead of assuming the video frame size is always the same as reported in the container.
Attachment #8509978 - Flags: review?(edwin)
Comment on attachment 8509978 [details] [diff] [review]
Patch

Review of attachment 8509978 [details] [diff] [review]:
-----------------------------------------------------------------

heh, ouch.
Attachment #8509978 - Flags: review?(edwin) → review+
Also, we can null check the samples sent to MP4Reader::Output(), to ensure that any such mistakes in future don't cause a crash.
Attachment #8509982 - Flags: review?(edwin)
https://hg.mozilla.org/mozilla-central/rev/47abc51bcb72
https://hg.mozilla.org/mozilla-central/rev/312a39b17090
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla36
Mass update firefox-status to track EME uplift.
You need to log in before you can comment on or make changes to this bug.