mirror of
https://gitlab.winehq.org/wine/wine-gecko.git
synced 2024-09-13 09:24:08 -07:00
Bug 1066319 - Reject mp4 files with unreasonable sample sizes. r=ajones
Don't believe the Sample Size Box if it declares too large a value. The limit is four times the fallback voodoo constant for 1080p in the stsz parser, to support UHD but not 8k video, per current limits elsewhere.
This commit is contained in:
parent
5737880385
commit
1747850822
@ -102,13 +102,17 @@ MP4Demuxer::Init()
|
||||
|
||||
if (!mPrivate->mAudio.get() && !strncmp(mimeType, "audio/", 6)) {
|
||||
mPrivate->mAudio = e->getTrack(i);
|
||||
mPrivate->mAudio->start();
|
||||
if (mPrivate->mAudio->start() != OK) {
|
||||
return false;
|
||||
}
|
||||
mAudioConfig.Update(metaData, mimeType);
|
||||
mPrivate->mIndexes.AppendElement(new Index(
|
||||
mPrivate->mAudio->exportIndex(), mSource, mAudioConfig.mTrackId));
|
||||
} else if (!mPrivate->mVideo.get() && !strncmp(mimeType, "video/", 6)) {
|
||||
mPrivate->mVideo = e->getTrack(i);
|
||||
mPrivate->mVideo->start();
|
||||
if (mPrivate->mVideo->start() != OK) {
|
||||
return false;
|
||||
}
|
||||
mVideoConfig.Update(metaData, mimeType);
|
||||
mPrivate->mIndexes.AppendElement(new Index(
|
||||
mPrivate->mVideo->exportIndex(), mSource, mVideoConfig.mTrackId));
|
||||
|
@ -2428,6 +2428,13 @@ MPEG4Source::~MPEG4Source() {
|
||||
free(mCurrentSampleInfoOffsets);
|
||||
}
|
||||
|
||||
static bool ValidInputSize(int32_t size) {
|
||||
// Reject compressed samples larger than an uncompressed UHD
|
||||
// frame. This is a reasonable cut-off for a lossy codec,
|
||||
// combined with the current Firefox limit to 5k video.
|
||||
return (size > 0 && size < 4 * (1920 * 1080) * 3 / 2);
|
||||
}
|
||||
|
||||
status_t MPEG4Source::start(MetaData *params) {
|
||||
Mutex::Autolock autoLock(mLock);
|
||||
|
||||
@ -2443,6 +2450,10 @@ status_t MPEG4Source::start(MetaData *params) {
|
||||
|
||||
int32_t max_size;
|
||||
CHECK(mFormat->findInt32(kKeyMaxInputSize, &max_size));
|
||||
if (!ValidInputSize(max_size)) {
|
||||
ALOGE("Invalid max input size %d", max_size);
|
||||
return ERROR_MALFORMED;
|
||||
}
|
||||
|
||||
mSrcBuffer = new uint8_t[max_size];
|
||||
|
||||
@ -3225,6 +3236,10 @@ status_t MPEG4Source::read(
|
||||
|
||||
int32_t max_size;
|
||||
CHECK(mFormat->findInt32(kKeyMaxInputSize, &max_size));
|
||||
if (!ValidInputSize(max_size)) {
|
||||
ALOGE("Invalid max input size %d", max_size);
|
||||
return ERROR_MALFORMED;
|
||||
}
|
||||
mBuffer = new MediaBuffer(max_size);
|
||||
assert(mBuffer);
|
||||
}
|
||||
@ -3507,6 +3522,10 @@ status_t MPEG4Source::fragmentedRead(
|
||||
|
||||
int32_t max_size;
|
||||
CHECK(mFormat->findInt32(kKeyMaxInputSize, &max_size));
|
||||
if (!ValidInputSize(max_size)) {
|
||||
ALOGE("Invalid max input size %d", max_size);
|
||||
return ERROR_MALFORMED;
|
||||
}
|
||||
mBuffer = new MediaBuffer(max_size);
|
||||
assert(mBuffer);
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user