Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(487)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: media/blink/multibuffer_reader.cc

Issue 1729223003: Fix a bug where an unsigned calculation goes negative and causes very large memcpy() call. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: compile fix Created 4 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « media/blink/multibuffer_data_source_unittest.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <stddef.h> 5 #include <stddef.h>
6 6
7 #include "base/bind.h" 7 #include "base/bind.h"
8 #include "base/callback_helpers.h" 8 #include "base/callback_helpers.h"
9 #include "base/message_loop/message_loop.h" 9 #include "base/message_loop/message_loop.h"
10 #include "media/blink/multibuffer_reader.h" 10 #include "media/blink/multibuffer_reader.h"
(...skipping 88 matching lines...) Expand 10 before | Expand all | Expand 10 after
99 int64_t p = pos_; 99 int64_t p = pos_;
100 int64_t bytes_read = 0; 100 int64_t bytes_read = 0;
101 while (bytes_read < len) { 101 while (bytes_read < len) {
102 if (i == data_map.end()) 102 if (i == data_map.end())
103 break; 103 break;
104 if (i->first != block(p)) 104 if (i->first != block(p))
105 break; 105 break;
106 if (i->second->end_of_stream()) 106 if (i->second->end_of_stream())
107 break; 107 break;
108 size_t offset = p & ((1LL << multibuffer_->block_size_shift()) - 1); 108 size_t offset = p & ((1LL << multibuffer_->block_size_shift()) - 1);
109 if (offset > static_cast<size_t>(i->second->data_size()))
110 break;
109 size_t tocopy = 111 size_t tocopy =
110 std::min<size_t>(len - bytes_read, i->second->data_size() - offset); 112 std::min<size_t>(len - bytes_read, i->second->data_size() - offset);
111 memcpy(data, i->second->data() + offset, tocopy); 113 memcpy(data, i->second->data() + offset, tocopy);
112 data += tocopy; 114 data += tocopy;
113 bytes_read += tocopy; 115 bytes_read += tocopy;
114 p += tocopy; 116 p += tocopy;
115 ++i; 117 ++i;
116 } 118 }
117 Seek(p); 119 Seek(p);
118 return bytes_read; 120 return bytes_read;
(...skipping 116 matching lines...) Expand 10 before | Expand all | Expand 10 after
235 multibuffer_->AddReader(preload_pos_, this); 237 multibuffer_->AddReader(preload_pos_, this);
236 } else if (multibuffer_->Contains(preload_pos_ - 1)) { 238 } else if (multibuffer_->Contains(preload_pos_ - 1)) {
237 --preload_pos_; 239 --preload_pos_;
238 multibuffer_->AddReader(preload_pos_, this); 240 multibuffer_->AddReader(preload_pos_, this);
239 } 241 }
240 } 242 }
241 CheckWait(); 243 CheckWait();
242 } 244 }
243 245
244 } // namespace media 246 } // namespace media
OLDNEW
« no previous file with comments | « media/blink/multibuffer_data_source_unittest.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698