From 5f8ebaeffd2f4f7a3e5f857c407b2ff9aca7454e Mon Sep 17 00:00:00 2001 From: perkj Date: Tue, 27 Sep 2016 03:47:41 -0700 Subject: [PATCH] Add limitations of number of frames that can be created in I420BufferPool::CreateBuffer. If more than 60 frames are created and not returned, the implementation will crash. I420BufferPool are currently used by the VP8 decoder, Quality scaler and VideoFrameFactory. BUG=b/31390397 NOTRY=true // Because of failing gclient runhooks on some bots Review-Url: https://codereview.webrtc.org/2370653003 Cr-Commit-Position: refs/heads/master@{#14395} --- webrtc/common_video/i420_buffer_pool.cc | 4 ++++ webrtc/common_video/include/i420_buffer_pool.h | 3 +++ 2 files changed, 7 insertions(+) diff --git a/webrtc/common_video/i420_buffer_pool.cc b/webrtc/common_video/i420_buffer_pool.cc index 76a53c5688..630955aff9 100644 --- a/webrtc/common_video/i420_buffer_pool.cc +++ b/webrtc/common_video/i420_buffer_pool.cc @@ -14,6 +14,8 @@ namespace webrtc { +const size_t I420BufferPool::kMaxNumberOfFramesBeforeCrash = 300; + I420BufferPool::I420BufferPool(bool zero_initialize) : zero_initialize_(zero_initialize) {} @@ -24,6 +26,8 @@ void I420BufferPool::Release() { rtc::scoped_refptr I420BufferPool::CreateBuffer(int width, int height) { RTC_DCHECK_RUNS_SERIALIZED(&race_checker_); + RTC_CHECK_LT(buffers_.size(), kMaxNumberOfFramesBeforeCrash) + << "I420BufferPool too big."; // Release buffers with wrong resolution. for (auto it = buffers_.begin(); it != buffers_.end();) { if ((*it)->width() != width || (*it)->height() != height) diff --git a/webrtc/common_video/include/i420_buffer_pool.h b/webrtc/common_video/include/i420_buffer_pool.h index 5aabd756b7..6359c21c8f 100644 --- a/webrtc/common_video/include/i420_buffer_pool.h +++ b/webrtc/common_video/include/i420_buffer_pool.h 
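Review bot: The limit in the first hunk of i420_buffer_pool.cc is defined as 300 with no comment giving the reason for that value, while the commit description speaks of 60 frames, so one of the two is presumably stale. A one-line comment above the definition would help, for example `// Upper bound on buffers held by the pool; reaching it is treated as a frame leak and is fatal.`, and the description should then quote the same number.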
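Review bot: The new `RTC_CHECK_LT(buffers_.size(), kMaxNumberOfFramesBeforeCrash)` sits at the top of CreateBuffer, before the loop that releases buffers with the wrong resolution, so stale buffers that are about to be purged still count toward the limit. It also tests the pool size on entry rather than at the point where a new buffer has to be allocated, so a call that could have reused a free buffer would presumably abort as well. The rest of the function lies outside the hunk, so this needs confirming against the full body. Consider moving the check to just before the new allocation. RTC_CHECK is fatal in release builds and the description names the VP8 decoder as a user, so a comment such as `// Deliberately fatal: a pool this large means frames are being leaked.` should state that aborting is the intended trade against unbounded memory growth.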
@@ -23,6 +23,8 @@ namespace webrtc { // When the I420Buffer is destructed, the memory is returned to the pool for use // by subsequent calls to CreateBuffer. If the resolution passed to CreateBuffer // changes, old buffers will be purged from the pool. +// Note that CreateBuffer will crash if more than kMaxNumberOfFramesBeforeCrash +// are created. This is to prevent memory leaks where frames are not returned. class I420BufferPool { public: I420BufferPool() : I420BufferPool(false) {} @@ -36,6 +38,7 @@ class I420BufferPool { void Release(); private: + static const size_t kMaxNumberOfFramesBeforeCrash; // Explicitly use a RefCountedObject to get access to HasOneRef, // needed by the pool to check exclusive access. using PooledI420Buffer = rtc::RefCountedObject;
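Review bot: The added class comment says CreateBuffer crashes when more than kMaxNumberOfFramesBeforeCrash "are created", but the check in the .cc compares against `buffers_.size()`, which is the number of buffers the pool currently holds rather than the total ever created. The constant is private and its value lives only in the .cc, so a reader of this header cannot tell what the limit is. Suggested wording: `// Note that CreateBuffer will RTC_CHECK-fail (abort) once the pool holds kMaxNumberOfFramesBeforeCrash buffers at the same time; callers must release frames they no longer need.` The declaration added in the second hunk of this file could carry a short comment saying where the value is defined.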