Bug 1697476 - Shrink MSE's mInputBuffer during append even if it's not empty. r=media-playback-reviewers,kinetik,alwu

This prevents us eventually overflowing the buffer when getting certain data appended. Differential Revision: https://phabricator.services.mozilla.com/D138970
2022-02-18 02:18:49 +00:00 · 2022-02-18 02:18:49 +00:00 · ad87a43101
--- a/dom/media/mediasource/TrackBuffersManager.cpp
+++ b/dom/media/mediasource/TrackBuffersManager.cpp
@ -216,9 +216,28 @@ void TrackBuffersManager::ProcessTasks() {
        // Note: we reset mInputBuffer here to ensure it doesn't grow unbounded.
        mInputBuffer.reset();
        mInputBuffer = Some(MediaSpan(task->As<AppendBufferTask>()->mBuffer));
-      } else if (!mInputBuffer->Append(task->As<AppendBufferTask>()->mBuffer)) {
-        RejectAppend(NS_ERROR_OUT_OF_MEMORY, __func__);
-        return;
+      } else {
+        // mInputBuffer wasn't empty, so we can't just reset it, but we move
+        // the data into a new buffer to clear out data no longer in the span.
+        MSE_DEBUG(
+            "mInputBuffer not empty during append -- data will be copied to "
+            "new buffer. mInputBuffer->Length()=%zu "
+            "mInputBuffer->Buffer()->Length()=%zu",
+            mInputBuffer->Length(), mInputBuffer->Buffer()->Length());
+        const RefPtr<MediaByteBuffer> newBuffer{new MediaByteBuffer()};
+        // Set capacity outside of ctor to let us explicitly handle OOM.
+        const size_t newCapacity =
+            mInputBuffer->Length() +
+            task->As<AppendBufferTask>()->mBuffer->Length();
+        if (!newBuffer->SetCapacity(newCapacity, fallible)) {
+          RejectAppend(NS_ERROR_OUT_OF_MEMORY, __func__);
+          return;
+        }
+        // Use infallible appends as we've already set capacity above.
+        newBuffer->AppendElements(mInputBuffer->Elements(),
+                                  mInputBuffer->Length());
+        newBuffer->AppendElements(*task->As<AppendBufferTask>()->mBuffer);
+        mInputBuffer = Some(MediaSpan(newBuffer));
      }
      mSourceBufferAttributes = MakeUnique<SourceBufferAttributes>(
          task->As<AppendBufferTask>()->mAttributes);