Closed
Bug 919979
Opened 11 years ago
Closed 11 years ago
Crash when calling WebrtcVideoConduit::SendVideoFrame() with very small resolution
Categories
(Core :: WebRTC: Audio/Video, defect)
Tracking
()
RESOLVED
FIXED
mozilla28
People
(Reporter: swu, Assigned: swu)
References
Details
Attachments
(2 files, 1 obsolete file)
|
5.81 KB,
text/plain
|
Details | |
|
3.66 KB,
patch
|
Details | Diff | Splinter Review |
In mediaconduit_unittest.cpp, if we call mVideoSession->SendVideoFrame() and pass 4x2 or 2x4 as input resolution, it may crash after test cases finished.
|
||
Comment 1•11 years ago
|
||
tim - is this fixed in a newer release?
Assignee: nobody → rjesup
Flags: needinfo?(tterribe)
|
|
||
Updated•11 years ago
|
Assignee: rjesup → nobody
|
||
Comment 2•11 years ago
|
||
(In reply to Randell Jesup [:jesup] from comment #1)
> tim - is this fixed in a newer release?
I have no idea. I don't remember seeing any issues on the subject.
Flags: needinfo?(tterribe)
|
Assignee | |
Comment 3•11 years ago
|
||
With debug version, it asserted at below location.
Breakpoint 3, webrtc::VP8EncoderImpl::GetEncodedPartitions (this=0x7fffe67021a0, input_image=...)
at /home/sywu/work/mozilla-central/media/webrtc/trunk/webrtc/modules/video_coding/codecs/vp8/vp8_impl.cc:448
448 assert(encoded_image_._length <= encoded_image_._size);
The values are:
encoded_image_._length = 30
encoded_image_._size = 6
The resolution been tested is 2x4, and we allocate the video frame length for 6 bytes (width*height*3/2) bytes.
|
|
Assignee | |
Comment 4•11 years ago
|
||
(In reply to Shian-Yow Wu [:shianyow] from comment #3)
> The resolution been tested is 2x4, and we allocate the video frame length
> for 6 bytes (width*height*3/2) bytes.
To correct, it is 12 bytes for resolution 2x4.
|
|
Assignee | |
Comment 5•11 years ago
|
||
Sorry, to clarify again.
The resolution been tested was 2x2 with frame legnth 6 allocated in the above example.
|
|
Assignee | |
Comment 6•11 years ago
|
||
It seems a VP8 encoder needs at least 31 bytes(first time 30 and second time 1) to process the frame.
However, we cannot just allocate and pass a larger frame length (ex: width*height*3/2 + 100), because there is a buffer size check at:
dxr.mozilla.org/mozilla-central/source/media/webrtc/trunk/webrtc/modules/video_capture/video_capture_impl.cc?from=video_capture_impl.cc#l254
Is it a required check? Or can we modify the CalcBufferSize() calculation in order to reserve more buffer?
Flags: needinfo?(tterribe)
|
|
Assignee | |
Updated•11 years ago
|
Summary: Potential crash after WebrtcVideoConduit::SelectSendResolution() called → Crash when calling WebrtcVideoConduit::SendVideoFrame() with very small resolution
|
|
||
Comment 7•11 years ago
|
||
(In reply to Shian-Yow Wu [:shianyow] from comment #6)
> However, we cannot just allocate and pass a larger frame length (ex:
> width*height*3/2 + 100), because there is a buffer size check at:
> dxr.mozilla.org/mozilla-central/source/media/webrtc/trunk/webrtc/modules/
> video_capture/video_capture_impl.cc?from=video_capture_impl.cc#l254
>
> Is it a required check? Or can we modify the CalcBufferSize() calculation
> in order to reserve more buffer?
Sorry for the delay in replying. I don't think we should modify CalcBufferSize(), since it is part of libyuv. However, we can modify the call in VP8EncoderImpl::InitEncode() to add a constant to the return value of CalcBufferSize().
Flags: needinfo?(tterribe)
|
|
Assignee | |
Comment 8•11 years ago
|
||
Assignee: nobody → swu
Status: NEW → ASSIGNED
|
|
Assignee | |
Comment 9•11 years ago
|
||
|
|
Assignee | |
Comment 10•11 years ago
|
||
Comment on attachment 8341524 [details] [diff] [review]
bug919979.patch
Tim,
Thanks for your comment.
The VP8 overhead for small resolution is 31 bytes, and the patch reserves 100 bytes for it.
Could you review it?
Attachment #8341524 -
Flags: review?(tterribe)
|
|
Assignee | |
Comment 11•11 years ago
|
||
Previous try result showed some failures, this is the new one.
https://tbpl.mozilla.org/?tree=Try&rev=d2d99463b34d
|
|
||
Comment 12•11 years ago
|
||
Comment on attachment 8341524 [details] [diff] [review]
bug919979.patch
Review of attachment 8341524 [details] [diff] [review]:
-----------------------------------------------------------------
::: media/webrtc/trunk/webrtc/modules/video_coding/codecs/vp8/vp8_impl.cc
@@ +170,5 @@
> // allocate memory for encoded image
> if (encoded_image_._buffer != NULL) {
> delete [] encoded_image_._buffer;
> }
> + // Reserve more buffer for small resolution overhead.
It's not clear this comment applies to the magic number "100". Perhaps:
// Reserve 100 extra bytes for overhead at small resolutions.
Attachment #8341524 -
Flags: review?(tterribe) → review+
|
|
Assignee | |
Comment 13•11 years ago
|
||
Addressed review comments.
Attachment #8341524 -
Attachment is obsolete: true
|
|
Assignee | |
Comment 14•11 years ago
|
||
|
||
Comment 15•11 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → mozilla28
You need to log in
before you can comment on or make changes to this bug.
Description
•