Differential D154176

Bug 1535980 - Ensure that the audio rate read by WebMDemuxer is correctly compared against the maximum allowable rate during metadata sanity checking to avoid out of range errors that could be produced by malformed media files. r=tsmith
ClosedPublic
Actions

Authored by azebrowski on Aug 9 2022, 11:47 PM.
Tags
Referenced Files
Unknown Object (File)
Feb 3 2024, 2:18 AM
Unknown Object (File)
Aug 15 2022, 5:40 PM
Unknown Object (File)
Aug 11 2022, 6:03 PM
Subscribers
alwu
reviewbot

Details

Reviewers
tsmith
alwu
Group Reviewers
media-playback-reviewers
Commits
rMOZILLACENTRAL4c8dfff616b0: Bug 1535980 - Ensure that the audio rate read by WebMDemuxer is correctly…
Bugzilla Bug ID
1535980

Diff Detail

Repository
rMOZILLACENTRAL mozilla-central
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

azebrowski created this revision.Aug 9 2022, 11:47 PM
Herald added a project: secure-revision. · View Herald TranscriptAug 9 2022, 11:47 PM
Harbormaster completed remote builds in B451589: Diff 612671.Aug 9 2022, 11:47 PM
phab-bot published this revision for review.Aug 9 2022, 11:47 PM
phab-bot changed the visibility from "Custom Policy" to "Public (No Login Required)".
phab-bot changed the edit policy from "Custom Policy" to "Restricted Project (Project)".
phab-bot removed a project: secure-revision.
azebrowski added a reviewer: media-playback-reviewers.Aug 9 2022, 11:47 PM
azebrowski added inline comments.Aug 9 2022, 11:55 PM
dom/media/webm/WebMDemuxer.cpp
385–388

AudioInfo::MAX_RATE is stored as a uint32_t as per here, whereas params.rate is stored as a float here. A better idea than the static_cast<decltype> could be to have params.rate and AudioInfo::MAX_RATE use the same datatype for storage, though I'm not sure of the potential side-effects caused by going this route.

The added check for values lower than zero is because params.rate was holding a negative number using the sample video from the bug report.

We could also make improvements to the sanity checks in libnestegg here, for example, though I'm not sure whether making changes to libnestegg is outside the scope of this work.

azebrowski added a comment.Aug 9 2022, 11:56 PM

Here's a treeherder build for this patch.

reviewbot added a subscriber: reviewbot.Aug 10 2022, 12:07 AM

Code analysis found 1 defect in the diff 612671:

  • 1 defect found by clang-format
WARNING: Found 1 issue (warning level) that can be dismissed.

You can run this analysis locally with:

  • ./mach clang-format -p dom/media/webm/WebMDemuxer.cpp

For your convenience, here is a patch that fixes all the clang-format defects (use it in your repository with hg import or git apply -p0).

If you see a problem in this automated review, please report it here.

You can view these defects in the Diff Detail section of Phabricator diff 612671.

azebrowski updated this revision to Diff 613080.Aug 10 2022, 5:20 PM
Harbormaster completed remote builds in B451880: Diff 613080.Aug 10 2022, 5:20 PM
alwu accepted this revision.Aug 11 2022, 6:46 PM
alwu added a subscriber: alwu.

LGTM, could we also add a crash test for this? because we already have the test file in comment2, thanks!

This revision is now accepted and ready to land.Aug 11 2022, 6:46 PM
Herald added a project: needs-testing-tag. · View Herald TranscriptAug 11 2022, 6:46 PM

This revision requires a Testing Policy Project Tag to be set before landing. Please apply one of testing-approved, testing-exception-unchanged, testing-exception-ui, testing-exception-elsewhere, testing-exception-other. Tip: this Firefox add-on makes it easy!

tsmith accepted this revision.Aug 11 2022, 7:00 PM

I have tested the patch and can confirm it does resolve the issue. Thank you!

azebrowski updated this revision to Diff 627502.Sep 15 2022, 11:38 PM
azebrowski added a child revision: D157538: Bug 1535980 - Add crashtest for webm demuxer audio rate sanity check.
Harbormaster completed remote builds in B463352: Diff 627502.Sep 15 2022, 11:38 PM
azebrowski edited projects, added testing-exception-other (Please leave a comment explaining why) ; removed needs-testing-tag.Sep 19 2022, 6:10 PM

Setting tag to testing-exception-other as the test is included in D157538.

Closed by commit rMOZILLACENTRAL4c8dfff616b0: Bug 1535980 - Ensure that the audio rate read by WebMDemuxer is correctly… (authored by azebrowski). · Explain WhySep 19 2022, 6:18 PM
This revision was automatically updated to reflect the committed changes.
azebrowski added a commit: rMOZILLACENTRAL4c8dfff616b0: Bug 1535980 - Ensure that the audio rate read by WebMDemuxer is correctly….

Revision Contents
Changeset List

PathSize
dom/
media/
webm/
4 lines

Diff 628109

View Options

dom/media/webm/WebMDemuxer.cpp

Loading...
Privacy · Cookies · Legal