Closed Bug 567951 Opened 14 years ago Closed 6 years ago

Picture region checks in VideoData::Create are incorrect

Tracking

()

Status:

RESOLVED INACTIVE

People

(Reporter: kinetik, Unassigned)

Details

Matthew Gregan [:kinetik]

Reporter

Description

•

14 years ago

In nsVideoInfo, the rectangle specified by mPicture should be located completely within the rectangle specified by mFrame.  The stride of the frame may be (usually is) larger than the frame width.  The sanity checks in VideoData::Create are incorrect:

Say, for a frame which is 800 pixels wide:

  if (!AddOverflow32(aInfo.mPicture.x, aInfo.mPicture.width, picXLimit) ||
      picXLimit > PRUint32(aBuffer.mPlanes[0].mStride) ||

x = 60
width = 780
picXLimit = 840
mStride = 864

This check will succeed as picXLimit < mStride, but the picture region extends outside of the valid frame rectangle.

Maire Reavy [:mreavy]

Updated

•

9 years ago

Component: Audio/Video → Audio/Video: Playback

Nils Ohlmeier [:drno]

Comment 1

•

6 years ago

Mass closing do to inactivity.
Feel free to re-open if still needed.

Status: NEW → RESOLVED

Closed: 6 years ago

Resolution: --- → INACTIVE

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Picture region checks in VideoData::Create are incorrect

Categories

(Core :: Audio/Video: Playback, defect)

Tracking

()

People

(Reporter: kinetik, Unassigned)

References

Details

Crash Data

Security

(public)

User Story

Description

Updated

Comment 1