Closed
Bug 1298271
Opened 8 years ago
Closed 8 years ago
Fix libstagefright's use of ByteReader's remaining bytes
Categories
(Core :: Audio/Video: Playback, defect)
Tracking
()
RESOLVED
FIXED
mozilla51
Tracking | Status | |
---|---|---|
firefox51 | --- | fixed |
People
(Reporter: mozbugz, Assigned: mozbugz)
References
Details
Attachments
(1 file)
Follow-up to bug 1296532 comment 14. If libstagefright (particularly in MoofParser), ByteReader is used to safely read MP4 boxes. However the checking of Remaining(), and use of DiscardRemaining(), are inconsistent, which in the worst case could lead to assertion crashes in debug mode. We could import VideoUtils' AutoByteReader, and stop using DiscardRemaining() to simplify the code. Note that some videos might then get accepted even though some of their boxes are wider than expected, but I think it's not a risk, and in fact a useful attempt at accommodating imperfect videos.
Assignee | ||
Comment 1•8 years ago
|
||
Correction: AutoByteReader is in FlacFrameParser.cpp.
Comment hidden (mozreview-request) |
Comment 3•8 years ago
|
||
mozreview-review |
Comment on attachment 8785274 [details] Bug 1298271 - Make BoxReader use AutoByteReader - https://reviewboard.mozilla.org/r/74542/#review72392 ::: dom/media/flac/FlacFrameParser.cpp:63 (Diff revision 1) > { > if (aLength < 4 || aPacket[0] == 0xff) { > // Not a header block. > return false; > } > - AutoByteReader br(aPacket, aLength); > + mp4_demuxer::AutoByteReader br(aPacket, aLength); ID prefer to have a using namespace mp4_demuxer at the top. ::: media/libstagefright/binding/Box.cpp:146 (Diff revision 1) > } > return Box(mContext, mChildOffset, this); > } > > bool > Box::Read(nsTArray<uint8_t>* aDest) IS this function still of any use?
Comment 4•8 years ago
|
||
mozreview-review |
Comment on attachment 8785274 [details] Bug 1298271 - Make BoxReader use AutoByteReader - https://reviewboard.mozilla.org/r/74542/#review72400
Attachment #8785274 -
Flags: review?(jyavenard) → review+
Assignee | ||
Comment 5•8 years ago
|
||
mozreview-review-reply |
Comment on attachment 8785274 [details] Bug 1298271 - Make BoxReader use AutoByteReader - https://reviewboard.mozilla.org/r/74542/#review72392 > ID prefer to have a using namespace mp4_demuxer at the top. Importing a whole namespace for just three uses of the same name seems a bit over the top! I'll just import the one name I need. > IS this function still of any use? Right, I've effectively replaced it with my version; so I'll remove the old one.
Comment hidden (mozreview-request) |
Pushed by gsquelart@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/1f302a3d9df0 Make BoxReader use AutoByteReader - r=jya
Gerald - AutoByteReader makes no sense. Just change the assertion in ByteReader to propagate the error in a different way or simply get rid of the whole mechanism.
Flags: needinfo?(gsquelart)
Comment 9•8 years ago
|
||
I think the entire checking that there are bytes remaining can be removed now. There's no security risk when finding cases where we didn't read the whole content.
Assignee | ||
Comment 10•8 years ago
|
||
Opened follow-up bug 1298710 to deal with AutoByteReader.
Flags: needinfo?(gsquelart)
Comment 11•8 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/1f302a3d9df0
Status: NEW → RESOLVED
Closed: 8 years ago
status-firefox51:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla51
You need to log in
before you can comment on or make changes to this bug.
Description
•