Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / webrtc / 49ea47b90e570644a23abfb3f307a1eeb4cecce5^! / .
commit49ea47b90e570644a23abfb3f307a1eeb4cecce5[log] [tgz]
authorIlya Nikolaevskiy <ilnik@webrtc.org>Tue Jan 15 10:28:37 2019 +0100
committerCommit Bot <commit-bot@chromium.org>Tue Jan 15 10:26:13 2019 +0000
tree8c9b784e9b177bbe87f67d00a50c8ada4bced92c
parentee0a85cee25174a60e39e8a37e063d4c9a76c348 [diff]
Fix fuzzer identified crash in DecodeFramesHistory

Bug: chromium:921933,chromium:921935
Change-Id: I10f2a4783a717d9541bfc9f9bc0c76eaa2e62f30
Reviewed-on: https://webrtc-review.googlesource.com/c/117562
Commit-Queue: Ilya Nikolaevskiy <ilnik@webrtc.org>
Reviewed-by: Sergey Silkin <ssilkin@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#26258}
diff --git a/modules/video_coding/utility/decoded_frames_history.cc b/modules/video_coding/utility/decoded_frames_history.cc
index 42af6a1..b8709ad 100644
--- a/modules/video_coding/utility/decoded_frames_history.cc
+++ b/modules/video_coding/utility/decoded_frames_history.cc

@@ -31,8 +31,12 @@
   last_decoded_frame_ = frameid;
   last_decoded_frame_timestamp_ = timestamp;
   if (static_cast<int>(layers_.size()) < frameid.spatial_layer + 1) {
+    size_t old_size = layers_.size();
     layers_.resize(frameid.spatial_layer + 1);
-    layers_[frameid.spatial_layer].buffer.resize(window_size_);
+    for (size_t i = old_size; i < layers_.size(); ++i) {
+      layers_[i].buffer.resize(window_size_);
+      layers_[i].last_stored_index = 0;
+    }
     layers_[frameid.spatial_layer].last_stored_index = frameid.picture_id;
     layers_[frameid.spatial_layer].buffer[frameid.picture_id % window_size_] =
         true;

diff --git a/modules/video_coding/utility/decoded_frames_history_unittest.cc b/modules/video_coding/utility/decoded_frames_history_unittest.cc
index 2155e5c..12ed282 100644
--- a/modules/video_coding/utility/decoded_frames_history_unittest.cc
+++ b/modules/video_coding/utility/decoded_frames_history_unittest.cc

@@ -73,6 +73,16 @@
   EXPECT_EQ(history.WasDecoded({1234, 2}), false);
 }
 
+TEST(DecodedFramesHistory, HandlesSkippedLayer) {
+  DecodedFramesHistory history(kHistorySize);
+  history.InsertDecoded({1234, 0}, 0);
+  history.InsertDecoded({1234, 2}, 0);
+  history.InsertDecoded({1235, 0}, 0);
+  history.InsertDecoded({1235, 1}, 0);
+  EXPECT_EQ(history.WasDecoded({1234, 1}), false);
+  EXPECT_EQ(history.WasDecoded({1235, 1}), true);
+}
+
 TEST(DecodedFramesHistory, HandlesBigJumpInPictureId) {
   DecodedFramesHistory history(kHistorySize);
   history.InsertDecoded({1234, 0}, 0);