Chromium Code Reviews Chromium Code Reviews
Issue 1865203002:
Avoid integer overflow errors when parsing Exp-Golomb codes (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "media/filters/h264_parser.h" | |
| 6 | |
| 7 #include <limits> | |
| 8 | |
| 5 #include "base/logging.h" | 9 #include "base/logging.h" |
| 6 #include "base/macros.h" | 10 #include "base/macros.h" |
| 7 #include "base/memory/scoped_ptr.h" | 11 #include "base/memory/scoped_ptr.h" |
| 8 #include "base/stl_util.h" | 12 #include "base/stl_util.h" |
| 9 | |
| 10 #include "media/base/decrypt_config.h" | 13 #include "media/base/decrypt_config.h" |
| 11 #include "media/filters/h264_parser.h" | |
| 12 | 14 |
| 13 namespace media { | 15 namespace media { |
| 14 | 16 |
| 15 bool H264SliceHeader::IsPSlice() const { | 17 bool H264SliceHeader::IsPSlice() const { |
| 16 return (slice_type % 5 == kPSlice); | 18 return (slice_type % 5 == kPSlice); |
| 17 } | 19 } |
| 18 | 20 |
| 19 bool H264SliceHeader::IsBSlice() const { | 21 bool H264SliceHeader::IsBSlice() const { |
| 20 return (slice_type % 5 == kBSlice); | 22 return (slice_type % 5 == kBSlice); |
| 21 } | 23 } |
| (...skipping 289 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 311 // Count the number of contiguous zero bits. | 313 // Count the number of contiguous zero bits. |
| 312 do { | 314 do { |
| 313 READ_BITS_OR_RETURN(1, &bit); | 315 READ_BITS_OR_RETURN(1, &bit); |
| 314 num_bits++; | 316 num_bits++; |
| 315 } while (bit == 0); | 317 } while (bit == 0); |
| 316 | 318 |
| 317 if (num_bits > 31) | 319 if (num_bits > 31) |
| 318 return kInvalidStream; | 320 return kInvalidStream; |
| 319 | 321 |
| 320 // Calculate exp-Golomb code value of size num_bits. | 322 // Calculate exp-Golomb code value of size num_bits. |
| 321 *val = (1 << num_bits) - 1; | 323 // Special case for |num_bits| == 31 to avoid integer overflow. The only |
|
DaleCurtis
2016/04/07 21:19:21
Comment goes with l.328,
| |
| 324 // valid representation as an int is 2^31 - 1, so the remaining bits must | |
| 325 // be 0 or else the number is too large. | |
| 326 *val = (1u << num_bits) - 1u; | |
| 327 | |
| 328 if (num_bits == 31) { | |
| 329 READ_BITS_OR_RETURN(num_bits, &rest); | |
| 330 return (rest == 0) ? kOk : kInvalidStream; | |
|
DaleCurtis
2016/04/07 21:19:21
Could just be "return rest ? kInvalidStream : kOk"
| |
| 331 } | |
| 322 | 332 |
| 323 if (num_bits > 0) { | 333 if (num_bits > 0) { |
| 324 READ_BITS_OR_RETURN(num_bits, &rest); | 334 READ_BITS_OR_RETURN(num_bits, &rest); |
| 325 *val += rest; | 335 *val += rest; |
| 326 } | 336 } |
| 327 | 337 |
| 328 return kOk; | 338 return kOk; |
| 329 } | 339 } |
| 330 | 340 |
| 331 H264Parser::Result H264Parser::ReadSE(int* val) { | 341 H264Parser::Result H264Parser::ReadSE(int* val) { |
| (...skipping 1006 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1338 | 1348 |
| 1339 default: | 1349 default: |
| 1340 DVLOG(4) << "Unsupported SEI message"; | 1350 DVLOG(4) << "Unsupported SEI message"; |
| 1341 break; | 1351 break; |
| 1342 } | 1352 } |
| 1343 | 1353 |
| 1344 return kOk; | 1354 return kOk; |
| 1345 } | 1355 } |
| 1346 | 1356 |
| 1347 } // namespace media | 1357 } // namespace media |
| OLD | NEW |
