1087810 - [EME] Firefox crashes if CDM downsample video frames

Status: RESOLVED FIXED

(Core :: Audio/Video, defect)

Description

[Chris Pearce [:cpearce (Not reading bugmail)]]

If the CDM decides it needs to reduce the quality of a video frame it downsamples, or shrinks, the output video frames.

If this happens, we crash. This is because we're assuming in EMEH264Decoder::Decoded(GMPVideoi420Frame*) that the picture region of the video frame is the same as the display size that's stored in the container. This assumption is not correct if the CDM scales the video frame.

Comment 1

[Chris Pearce [:cpearce (Not reading bugmail)]]

Attachment: Patch

Use the size of the GMPVideoi420Frame as the picture region when calling VideoData::Create(), instead of assuming the video frame size is always the same as reported in the container.

Comment 2

[Edwin Flores [inactive from 2016-12-01] [:eflores] [:edwin]]

Comment on attachment 8509978 [details] [diff] [review]
Patch

Review of attachment 8509978 [details] [diff] [review]:
-----------------------------------------------------------------

heh, ouch.

Comment 3

[Chris Pearce [:cpearce (Not reading bugmail)]]

Attachment: Patch: Null check samples sent to MP4Reader::Output()

Also, we can null check the samples sent to MP4Reader::Output(), to ensure that any such mistakes in future don't cause a crash.

Comment 4

[Chris Pearce [:cpearce (Not reading bugmail)]]

https://hg.mozilla.org/integration/mozilla-inbound/rev/47abc51bcb72
https://hg.mozilla.org/integration/mozilla-inbound/rev/312a39b17090

Comment 5

[Ryan VanderMeulen [:RyanVM]]

https://hg.mozilla.org/mozilla-central/rev/47abc51bcb72
https://hg.mozilla.org/mozilla-central/rev/312a39b17090

Comment 6

[Chris Pearce [:cpearce (Not reading bugmail)]]

Mass update firefox-status to track EME uplift.