commit | c466f080dd195e2361f1f6c493c2db552d6855aa | [log] [tgz] |
---|---|---|
author | Kuang-che Wu <kcwu@google.com> | Thu Oct 10 12:25:10 2019 |
committer | Commit Bot <commit-bot@chromium.org> | Thu Oct 10 13:29:40 2019 |
tree | 6e917fc77143bb10de261d6c06fd8c43d53f088f | |
parent | cd0eedb2483b8a1cb07c953f0c06aeec8ce6f144 [diff] |
Cap vp9 fuzzer frame size to prevent OOM Bug: chromium:1009073 Change-Id: I3583e6751249e42decb1f5d48afe10f0d8bd0a1a Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/156360 Reviewed-by: Ilya Nikolaevskiy <ilnik@webrtc.org> Commit-Queue: Kuang-che Wu <kcwu@google.com> Cr-Commit-Position: refs/heads/master@{#29433}
diff --git a/modules/video_coding/codecs/vp9/vp9_frame_buffer_pool.cc b/modules/video_coding/codecs/vp9/vp9_frame_buffer_pool.cc
index fe9a974..372a813 100644
--- a/modules/video_coding/codecs/vp9/vp9_frame_buffer_pool.cc
+++ b/modules/video_coding/codecs/vp9/vp9_frame_buffer_pool.cc
@@ -108,6 +108,14 @@ vpx_codec_frame_buffer* fb) {
   RTC_DCHECK(user_priv);
   RTC_DCHECK(fb);
+
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+  // Limit size of 8k YUV highdef frame
+  size_t size_limit = 7680 * 4320 * 3 / 2 * 2;
+  if (min_size > size_limit)
+    return -1;
+#endif
+
   Vp9FrameBufferPool* pool = static_cast<Vp9FrameBufferPool*>(user_priv);
   rtc::scoped_refptr<Vp9FrameBuffer> buffer = pool->GetFrameBuffer(min_size);