Fix potential crash in FrameBuffer::IsCompleteSuperFrame

According to crash reports, the crash happens on a line that contains nothing but
|next_frame->second.frame->is_last_spatial_layer|.

Probably, |frames_| contains entries with empty frame unique_ptr.
This CL adds checks to not dereference those empty pointers.

Bug: chromium:955040
Change-Id: I3060f9e1af8bfc3c8a079c14107b5b4a82f5d015
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/133626
Reviewed-by: Philip Eliasson <philipel@webrtc.org>
Commit-Queue: Ilya Nikolaevskiy <ilnik@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#27706}
Ilya Nikolaevskiy
2019-04-23 10:37:06 +02:00
committed by Commit Bot
parent 2d87a50b46
commit b4a70ed643


@ -407,14 +407,15 @@ bool FrameBuffer::IsCompleteSuperFrame(const EncodedFrame& frame) {
RTC_DCHECK_GT(id.spatial_layer, 0);
--id.spatial_layer;
FrameMap::iterator prev_frame = frames_.find(id);
if (prev_frame == frames_.end())
if (prev_frame == frames_.end() || !prev_frame->second.frame)
return false;
while (prev_frame->second.frame->inter_layer_predicted) {
if (prev_frame == frames_.begin())
return false;
--prev_frame;
--id.spatial_layer;
if (prev_frame->first.picture_id != id.picture_id ||
if (!prev_frame->second.frame ||
prev_frame->first.picture_id != id.picture_id ||
prev_frame->first.spatial_layer != id.spatial_layer) {
return false;
}
@ -426,12 +427,12 @@ bool FrameBuffer::IsCompleteSuperFrame(const EncodedFrame& frame) {
VideoLayerFrameId id = frame.id;
++id.spatial_layer;
FrameMap::iterator next_frame = frames_.find(id);
if (next_frame == frames_.end())
if (next_frame == frames_.end() || !next_frame->second.frame)
return false;
while (!next_frame->second.frame->is_last_spatial_layer) {
++next_frame;
++id.spatial_layer;
if (next_frame == frames_.end() ||
if (next_frame == frames_.end() || !next_frame->second.frame ||
next_frame->first.picture_id != id.picture_id ||
next_frame->first.spatial_layer != id.spatial_layer) {
return false;
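Review bot: The four added `!…->second.frame` checks (both `find()` results and both loop bodies) turn an empty entry into a silent "superframe not complete", but nothing in the code says why a `frames_` entry can hold an empty `frame`, and the commit message itself only says "probably". At the first check I would add a comment such as `// A frames_ entry can exist without its frame (TODO confirm which path creates it); treat it as a missing layer.` so the guards are not later removed as dead code. If an empty entry is not an expected state here, a warning log on these return paths would let the root cause be confirmed from the field instead of being masked. The same condition is now written four times, so a small private helper that checks an iterator for a present frame would keep the guards consistent. A unit test that queries a superframe with one layer entry present but empty would pin the new behaviour. The body of `IsCompleteSuperFrame` begins and ends outside both hunks.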