From 49ea47b90e570644a23abfb3f307a1eeb4cecce5 Mon Sep 17 00:00:00 2001
From: Ilya Nikolaevskiy
Date: Tue, 15 Jan 2019 10:28:37 +0100
Subject: [PATCH] Fix fuzzer identified crash in DecodeFramesHistory

Bug: chromium:921933,chromium:921935
Change-Id: I10f2a4783a717d9541bfc9f9bc0c76eaa2e62f30
Reviewed-on: https://webrtc-review.googlesource.com/c/117562
Commit-Queue: Ilya Nikolaevskiy
Reviewed-by: Sergey Silkin
Cr-Commit-Position: refs/heads/master@{#26258}
---
 modules/video_coding/utility/decoded_frames_history.cc | 6 +++++-
 .../utility/decoded_frames_history_unittest.cc | 10 ++++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/modules/video_coding/utility/decoded_frames_history.cc b/modules/video_coding/utility/decoded_frames_history.cc
index 42af6a15c2..b8709ad8b4 100644
--- a/modules/video_coding/utility/decoded_frames_history.cc
+++ b/modules/video_coding/utility/decoded_frames_history.cc
@@ -31,8 +31,12 @@ void DecodedFramesHistory::InsertDecoded(const VideoLayerFrameId& frameid,
 last_decoded_frame_ = frameid;
 last_decoded_frame_timestamp_ = timestamp;
 if (static_cast(layers_.size()) < frameid.spatial_layer + 1) {
+ size_t old_size = layers_.size();
 layers_.resize(frameid.spatial_layer + 1);
- layers_[frameid.spatial_layer].buffer.resize(window_size_);
+ for (size_t i = old_size; i < layers_.size(); ++i) {
+ layers_[i].buffer.resize(window_size_);
+ layers_[i].last_stored_index = 0;
+ }
 layers_[frameid.spatial_layer].last_stored_index = frameid.picture_id;
 layers_[frameid.spatial_layer].buffer[frameid.picture_id % window_size_] =
 true;
diff --git a/modules/video_coding/utility/decoded_frames_history_unittest.cc b/modules/video_coding/utility/decoded_frames_history_unittest.cc
index 2155e5cd86..12ed2820ad 100644
--- a/modules/video_coding/utility/decoded_frames_history_unittest.cc
+++ b/modules/video_coding/utility/decoded_frames_history_unittest.cc
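Review bot: In `InsertDecoded` (decoded_frames_history.cc) nothing visible bounds `frameid.spatial_layer` before `layers_.resize(frameid.spatial_layer + 1)`, and the new loop now gives every layer from `old_size` upward its own `window_size_`-entry buffer. Allocation therefore grows with the layer index times the window size, and the referenced bugs show this value can come from fuzzer-shaped input. The function body starts above the hunk, so an earlier check may already exist; if it does not, reject out-of-range indices before the resize, e.g. `if (frameid.spatial_layer < 0 || frameid.spatial_layer >= kMaxLayersPlaceholder) return;`, where `kMaxLayersPlaceholder` is a stand-in for whatever layer limit the codec code already defines. A short comment on `layers_[i].last_stored_index = 0;` saying that 0 marks a layer with no stored frame yet would also help, since the two lines after the loop overwrite it only for the target layer.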
@@ -73,6 +73,16 @@ TEST(DecodedFramesHistory, HandlesNewLayer) {
 EXPECT_EQ(history.WasDecoded({1234, 2}), false);
 }
 
+TEST(DecodedFramesHistory, HandlesSkippedLayer) {
+ DecodedFramesHistory history(kHistorySize);
+ history.InsertDecoded({1234, 0}, 0);
+ history.InsertDecoded({1234, 2}, 0);
+ history.InsertDecoded({1235, 0}, 0);
+ history.InsertDecoded({1235, 1}, 0);
+ EXPECT_EQ(history.WasDecoded({1234, 1}), false);
+ EXPECT_EQ(history.WasDecoded({1235, 1}), true);
+}
+
 TEST(DecodedFramesHistory, HandlesBigJumpInPictureId) {
 DecodedFramesHistory history(kHistorySize);
 history.InsertDecoded({1234, 0}, 0);
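Review bot: `HandlesSkippedLayer` inserts `{1234, 2}` and `{1235, 0}` but only asserts on layer 1, so it would still pass if growing `layers_` past a skipped index disturbed entries already stored on the other layers. Assuming `WasDecoded` reports true for a frame just inserted, as the existing `{1235, 1}` expectation suggests, add `EXPECT_EQ(history.WasDecoded({1234, 2}), true);` and `EXPECT_EQ(history.WasDecoded({1235, 0}), true);` after the current expectations. A one-line comment above the test would record what it guards: `// Regression test for chromium:921933 / chromium:921935: inserting into layer 2 before layer 1 must leave layer 1 with an initialised buffer.`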