Bug 1447124 - Use int64_t for SaferMultDiv. r?gerald draft
authorJean-Yves Avenard <jyavenard@mozilla.com>
Tue, 27 Mar 2018 11:27:08 +0200
changeset 773101 b8c8f311af323172372f28da521f99cf58d2e468
parent 773096 97cdd8febc40ac6025bce5dec9f8dadb8e62f906
push id104122
push userbmo:jyavenard@mozilla.com
push dateTue, 27 Mar 2018 10:43:12 +0000
reviewersgerald
bugs1447124
milestone61.0a1
Bug 1447124 - Use int64_t for SaferMultDiv. r?gerald This prevents a potential division by zero should the cast on the argument cause an overflow. We still limit the mul and div arguments to INT64_MAX. MozReview-Commit-ID: gHkv6m4zq0
dom/media/VideoUtils.cpp
dom/media/VideoUtils.h
--- a/dom/media/VideoUtils.cpp
+++ b/dom/media/VideoUtils.cpp
@@ -1,14 +1,17 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "VideoUtils.h"
 
+#include <functional>
+#include <stdint.h>
+
 #include "ImageContainer.h"
 #include "MediaContainerType.h"
 #include "MediaPrefs.h"
 #include "MediaResource.h"
 #include "TimeUnits.h"
 #include "VorbisUtils.h"
 #include "mozilla/Base64.h"
 #include "mozilla/SharedThreadPool.h"
@@ -20,31 +23,33 @@
 #include "nsContentTypeParser.h"
 #include "nsIConsoleService.h"
 #include "nsIRandomGenerator.h"
 #include "nsIServiceManager.h"
 #include "nsMathUtils.h"
 #include "nsServiceManagerUtils.h"
 #include "nsThreadUtils.h"
 
-#include <functional>
-#include <stdint.h>
-
 namespace mozilla {
 
 NS_NAMED_LITERAL_CSTRING(kEMEKeySystemClearkey, "org.w3.clearkey");
 NS_NAMED_LITERAL_CSTRING(kEMEKeySystemWidevine, "com.widevine.alpha");
 
 using layers::PlanarYCbCrImage;
 using media::TimeUnit;
 
-CheckedInt64 SaferMultDiv(int64_t aValue, uint32_t aMul, uint32_t aDiv) {
-  int64_t major = aValue / aDiv;
-  int64_t remainder = aValue % aDiv;
-  return CheckedInt64(remainder) * aMul / aDiv + CheckedInt64(major) * aMul;
+CheckedInt64 SaferMultDiv(int64_t aValue, uint64_t aMul, uint64_t aDiv) {
+  if (aMul > INT64_MAX || aDiv > INT64_MAX) {
+    return CheckedInt64(INT64_MAX) + 1; // Return an invalid checked int.
+  }
+  int64_t mul = aMul;
+  int64_t div = aDiv;
+  int64_t major = aValue / div;
+  int64_t remainder = aValue % div;
+  return CheckedInt64(remainder) * mul / div + CheckedInt64(major) * mul;
 }
 
 // Converts from number of audio frames to microseconds, given the specified
 // audio rate.
 CheckedInt64 FramesToUsecs(int64_t aFrames, uint32_t aRate) {
   return SaferMultDiv(aFrames, USECS_PER_S, aRate);
 }
 
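Review bot: A zero `aDiv` still reaches `aValue / div` and `aValue % div` in the new SaferMultDiv body, because the added guard only rejects values above INT64_MAX. Both expressions are plain int64_t arithmetic evaluated before any CheckedInt64 is constructed, so a zero divisor is undefined behaviour rather than an invalid result. `FramesToUsecs` in this same hunk forwards `aRate` unchanged, and whether every caller rejects a zero rate (presumably derived from media metadata) is not visible here. Extending the guard to `if (aDiv == 0 || aMul > INT64_MAX || aDiv > INT64_MAX) {` would return the same invalid CheckedInt64 for that case.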
--- a/dom/media/VideoUtils.h
+++ b/dom/media/VideoUtils.h
@@ -121,17 +121,17 @@ media::TimeIntervals GetEstimatedBuffere
 // Converts from number of audio frames (aFrames) to microseconds, given
 // the specified audio rate (aRate).
 CheckedInt64 FramesToUsecs(int64_t aFrames, uint32_t aRate);
 // Converts from number of audio frames (aFrames) TimeUnit, given
 // the specified audio rate (aRate).
 media::TimeUnit FramesToTimeUnit(int64_t aFrames, uint32_t aRate);
 // Perform aValue * aMul / aDiv, reducing the possibility of overflow due to
 // aValue * aMul overflowing.
-CheckedInt64 SaferMultDiv(int64_t aValue, uint32_t aMul, uint32_t aDiv);
+CheckedInt64 SaferMultDiv(int64_t aValue, uint64_t aMul, uint64_t aDiv);
 
 // Converts from microseconds (aUsecs) to number of audio frames, given the
 // specified audio rate (aRate). Stores the result in aOutFrames. Returns
 // true if the operation succeeded, or false if there was an integer
 // overflow while calulating the conversion.
 CheckedInt64 UsecsToFrames(int64_t aUsecs, uint32_t aRate);
 
 // Format TimeUnit as number of frames at given rate.
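Review bot: The comment above the `SaferMultDiv` declaration does not describe the failure mode this commit introduces: per the VideoUtils.cpp hunk, the function now returns an invalid CheckedInt64 when `aMul` or `aDiv` exceeds INT64_MAX. A caller reading only the header has no hint that the result needs an `isValid()` check for out-of-range arguments as well as for arithmetic overflow. I would add `// Returns an invalid CheckedInt64 if aMul or aDiv is greater than INT64_MAX.` after the existing two comment lines.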