This fixes a wrap-around issue in SILK LSF stabilization code,
addressing CVE-2017-0381.
MozReview-Commit-ID: 7yCUoSKNOcl
--HG--
extra : rebase_source : da94105d911d7e15b09a549b4b67083a1c2acd93
We use the cheddar crate to generate a C header file
for our mp4parse_capi wrapper crate. Currently we
do this at code check-in time via update-rust.sh.
Cargo 0.18 and later will try to execute a build.rs
file in the crate source tree regardless of whether
it's specified in Cargo.toml so patching out that
line just results in 'crate cheddar not found'.
This change restores the old behaviour by substituting
a 'build = false' line instead.
We do have syntex vendored, but we don't currently build
it by default, so I prefer this solution to just vendoring
cheddar and generating the header at build time. The syntex
crate is quite large and adds significantly to our compile
time.
MozReview-Commit-ID: InJRRODWAdP
--HG--
extra : rebase_source : 29378fcbc86015ce6cc22dc66d38a43ddbac204e
A PPS contains an id that is used as index inside an array. We must ensure that there's enough space in that array.
Also fix H264::DecodePPS which incorrectly always returned an error when parsing a valid PPS.
MozReview-Commit-ID: L1HUAdxWdu0
--HG--
extra : rebase_source : 5e32981d60398d37775573ea17ce54a345401b21
Removing the exported symbols is straightforward enough.
The only wrinkle is that PeerConnectionCtx.cpp gets compiled with and
without MOZILLA_INTERNAL_API. When compiling without
MOZILLA_INTERNAL_API, mozilla::services::Get*Service was redirected to
the _external_* symbol variants. But as the _external_* symbols no
longer exist, PeerConnectionCtx.cpp's code no longer worked.
Fortunately, PeerConnectionCtx.cpp already contains a few #ifdef
MOZILLA_INTERNAL_API blocks to handle internal/external compilation;
fixing this newest issue was just a matter of extending existing blocks
and adding new ones. The key observation is that we never added any
observers when compiling without MOZILLA_INTERNAL_API, so we can #ifdef
out the removals of observers, as those would have no effect, and simply
skip getting the observer service for the observer additions if we're
compiling without MOZILLA_INTERNAL_API.
... except when building with clang on Linux because gyp doesn't seem to recognize the clang static analysis or ASan builds as clang, thus ignoring the following warning suppressions in signaling.gyp. We must suppress the following -Winconsistent-missing-override clang warnings from an upstream webrtc header file to be able to compile webrtc/signaling as warnings-as-errors:
media/webrtc/trunk/webrtc/voice_engine/voe_external_media_impl.h:29:15 [-Winconsistent-missing-override] 'SetExternalRecordingStatus' overrides a member function but is not marked 'override'
media/webrtc/trunk/webrtc/voice_engine/voe_external_media_impl.h:31:15 [-Winconsistent-missing-override] 'SetExternalPlayoutStatus' overrides a member function but is not marked 'override'
media/webrtc/trunk/webrtc/voice_engine/voe_external_media_impl.h:33:15 [-Winconsistent-missing-override] 'ExternalRecordingInsertData' overrides a member function but is not marked 'override'
media/webrtc/trunk/webrtc/voice_engine/voe_external_media_impl.h:40:15 [-Winconsistent-missing-override] 'ExternalPlayoutData' overrides a member function but is not marked 'override'
media/webrtc/trunk/webrtc/voice_engine/voe_external_media_impl.h:47:15 [-Winconsistent-missing-override] 'ExternalPlayoutGetData' overrides a member function but is not marked 'override'
MozReview-Commit-ID: 1k5rdAWNfhk
--HG--
extra : rebase_source : a94aa243ff66e3d6e67654f1066d5a22d2ef522b
extra : histedit_source : 6402128ae23768e213cf5426f0ffd3a8cd0f572c
Replace -1UL with ULONG_MAX.
media/webrtc/signaling/src/sdp/sipcc/sdp_attr.c(584): warning C4146: unary minus operator applied to unsigned type, result still unsigned
media/webrtc/signaling/src/sdp/sipcc/sdp_attr.c(585): warning C4146: unary minus operator applied to unsigned type, result still unsigned
media/webrtc/signaling/src/sdp/sipcc/sdp_attr.c(586): warning C4146: unary minus operator applied to unsigned type, result still unsigned
MozReview-Commit-ID: EepB2xf4MZr
--HG--
extra : rebase_source : 3db5f8c002cf732dbee6b7d56a38c54e0e26509a
extra : histedit_source : 3d0b4f4a816667db2946f34e1bed988346121be2
All writes through a ByteWriter are now checked for success.
Possible failures could be in three classes:
A. Attempt to write a single unreasonably-large block of data. In this case we
just don't allocate more memory, so Firefox should keep functioning but simply
refuse to play this media.
B. Accumulation of a lot of data into a single vector. In this case we return
from the function, which should immediately free the large vector, and
hopefully allow Firefox to continue unscathed; but there is the possibility
that other memory allocations elsewhere will fail in the meantime.
C. OOM across all of Firefox, and this write is just the final drop. Like
previously we will still try to return and deallocate some memory, but this
may not be enough to recover.
So even though this patch cannot fix all possible OOM causes, I think it is
worth adding, as it is simple enough, and will help in some cases where
corrupted data could sensibly be handled without making Firefox crash.
MozReview-Commit-ID: JPVC9hao4Uq
--HG--
extra : rebase_source : b4a8af61ec8f4129819d2e8d51a5b9adc449183c