diff options
| author | sheu@chromium.org <sheu@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-01-15 07:06:33 +0000 |
|---|---|---|
| committer | sheu@chromium.org <sheu@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-01-15 07:06:33 +0000 |
| commit | cd0403ac6258e889bc4e556cfab6a41859dd1351 (patch) | |
| tree | 2d48e6fecdf22e8ea3e942ae6df8d03a86823710 /content/common/gpu/media | |
| parent | 51951adce0310d7f027ecb973f7b15d623ddbff5 (diff) | |
| download | chromium_src-cd0403ac6258e889bc4e556cfab6a41859dd1351.zip chromium_src-cd0403ac6258e889bc4e556cfab6a41859dd1351.tar.gz chromium_src-cd0403ac6258e889bc4e556cfab6a41859dd1351.tar.bz2 | |
Enforce non-negative BitstreamBuffer id
There is some video decode accelerator code that assumes that a negative
BitstreamBuffer id is never given, and uses it to mark error conditions.
* Check for non-negative id when receving over IPC.
* Make sure we don't send negative ids from our video decode pipeline (by
handling wrapping)
* Update PPAPI interface to document the fact that negative ids should not
be used.
BUG=chromium:168293
TEST=local build, run on snow
Review URL: https://chromiumcodereview.appspot.com/11826064
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@176816 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content/common/gpu/media')
| -rw-r--r-- | content/common/gpu/media/gpu_video_decode_accelerator.cc | 10 | ||||
| -rw-r--r-- | content/common/gpu/media/video_decode_accelerator_unittest.cc | 4 |
2 files changed, 13 insertions, 1 deletions
diff --git a/content/common/gpu/media/gpu_video_decode_accelerator.cc b/content/common/gpu/media/gpu_video_decode_accelerator.cc index e6b1f85..9368096 100644 --- a/content/common/gpu/media/gpu_video_decode_accelerator.cc +++ b/content/common/gpu/media/gpu_video_decode_accelerator.cc @@ -205,6 +205,11 @@ void GpuVideoDecodeAccelerator::Initialize( void GpuVideoDecodeAccelerator::OnDecode( base::SharedMemoryHandle handle, int32 id, uint32 size) { DCHECK(video_decode_accelerator_.get()); + if (id < 0) { + DLOG(FATAL) << "BitstreamBuffer id " << id << " out of range"; + NotifyError(media::VideoDecodeAccelerator::INVALID_ARGUMENT); + return; + } video_decode_accelerator_->Decode(media::BitstreamBuffer(id, handle, size)); } @@ -224,6 +229,11 @@ void GpuVideoDecodeAccelerator::OnAssignPictureBuffers( std::vector<media::PictureBuffer> buffers; for (uint32 i = 0; i < buffer_ids.size(); ++i) { + if (buffer_ids[i] < 0) { + DLOG(FATAL) << "Buffer id " << buffer_ids[i] << " out of range"; + NotifyError(media::VideoDecodeAccelerator::INVALID_ARGUMENT); + return; + } gpu::gles2::TextureManager::TextureInfo* info = texture_manager->GetTextureInfo(texture_ids[i]); if (!info) { diff --git a/content/common/gpu/media/video_decode_accelerator_unittest.cc b/content/common/gpu/media/video_decode_accelerator_unittest.cc index f325b40c..99e6a44 100644 --- a/content/common/gpu/media/video_decode_accelerator_unittest.cc +++ b/content/common/gpu/media/video_decode_accelerator_unittest.cc @@ -603,7 +603,9 @@ void GLRenderingVDAClient::DecodeNextFragments() { base::SharedMemoryHandle dup_handle; CHECK(shm.ShareToProcess(base::Process::Current().handle(), &dup_handle)); media::BitstreamBuffer bitstream_buffer( - next_bitstream_buffer_id_++, dup_handle, next_fragment_size); + next_bitstream_buffer_id_, dup_handle, next_fragment_size); + // Mask against 30 bits, to avoid (undefined) wraparound on signed integer. + next_bitstream_buffer_id_ = (next_bitstream_buffer_id_ + 1) & 0x3FFFFFFF; decoder_->Decode(bitstream_buffer); ++outstanding_decodes_; encoded_data_next_pos_to_decode_ = end_pos; |