Closed Bug 1322961 Opened 9 years ago Closed 9 years ago

[CID 1397065] [CID 1397066] Comparing uint8_t with 256 in mp4_demuxer::H264

Categories

(Core :: Audio/Video: Playback, defect)

Product:
Core
Component:
Audio/Video: Playback
Version:
49 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla53
Tracking Flags:
Tracking Status
firefox53 --- fixed

People

(Reporter: mozbugz, Assigned: jya)

References

Details

(Whiteboard: CID 1397065, CID 1397066)

Attachments

(1 file)

Bug 1322961: Check SPS and PPS attributes value.
58 bytes, text/x-review-board-request
mozbugz
: review+
Details
Found by Coverity: > *** CID 1397065: Integer handling issues (CONSTANT_EXPRESSION_RESULT) > /media/libstagefright/binding/H264.cpp: 715 in > mp4_demuxer::H264::DecodePPS(const mozilla::MediaByteBuffer *, const AutoTArray<mp4_demuxer::SPSData, (unsigned long)32> &, mp4_demuxer::PPSData &)() > CID 1397065: Integer handling issues (CONSTANT_EXPRESSION_RESULT) > "aDest.pic_parameter_set_id >= 256" is always false regardless of the values of its operands. This occurs as the logical first operand of "||". > 715 if (aDest.pic_parameter_set_id >= MAX_PPS_COUNT || > 716 aDest.seq_parameter_set_id >= MAX_SPS_COUNT) { > 717 return false; > 718 } > *** CID 1397066: Integer handling issues (CONSTANT_EXPRESSION_RESULT) > /media/libstagefright/binding/H264.cpp: 666 in > mp4_demuxer::H264::DecodePPSDataSetFromExtraData(const mozilla::MediaByteBuffer *, const AutoTArray<mp4_demuxer::SPSData, (unsigned long)32> &, AutoTArray<mp4_demuxer::PPSData, (unsigned long)256>&)() > CID 1397066: Integer handling issues (CONSTANT_EXPRESSION_RESULT) > "numPps <= 256" is always true regardless of the values of its operands. This occurs as the logical operand of "!". > 666 NS_ASSERTION(numPps <= MAX_PPS_COUNT, "Exceed the maximum PPS counts!"); Probably not a real issue, but it would be nice to verify that, and maybe fix it by doing appropriate casts. Alastor, this code comes from bug 1321164, could you please have a look?
Assignee: alwu → jyavenard
Comment on attachment 8817956 [details] Bug 1322961: Check SPS and PPS attributes value. https://reviewboard.mozilla.org/r/98140/#review98340 Quite a lot more than I expected for this bug! But it makes sense to add these checks. r+ with probable issue addressed: ::: media/libstagefright/binding/H264.cpp:850 (Diff revision 1) > + if (aDest.second_chroma_qp_index_offset < 12 > + || aDest.second_chroma_qp_index_offset > 12) { Don't you mean `< -12`, like at line 797?
Attachment #8817956 - Flags: review?(gsquelart) → review+
Comment on attachment 8817956 [details] Bug 1322961: Check SPS and PPS attributes value. rewrote it all using macro. much simpler that way, and allows to keep using 8 bits fields.
Attachment #8817956 - Flags: review+ → review?(gsquelart)
Comment on attachment 8817956 [details] Bug 1322961: Check SPS and PPS attributes value. https://reviewboard.mozilla.org/r/98140/#review98350 r+ assuming try is green.
Attachment #8817956 - Flags: review?(gsquelart) → review+
Pushed by jyavenard@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/6a3e0c8b26f2 Check SPS and PPS attributes value. r=gerald
https://hg.mozilla.org/mozilla-central/rev/6a3e0c8b26f2
Status: NEW → RESOLVED
Closed: 9 years ago
status-firefox53: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla53
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: