Validate references of frames inserted into FrameBuffer2. BUG=chromium:730603 Review-Url: https://codereview.webrtc.org/2937243002 Cr-Commit-Position: refs/heads/master@{#18614}

commit: 112adf9ca9e2ea3bc251345fbac46e1d22ed0a57 [log] [tgz]
author: philipel <philipel@webrtc.org> Thu Jun 15 09:06:21 2017 -0700
committer: Commit Bot <commit-bot@chromium.org> Thu Jun 15 16:06:21 2017 +0000
tree: 487d115e95ebf2282160a976b6b85c9630cabda0
parent: eb02c03a53734b6faf01d7f98a6174918169b850 [diff] [blame]
diff --git a/webrtc/modules/video_coding/frame_buffer2.cc b/webrtc/modules/video_coding/frame_buffer2.cc
index de96a52..1114e7c 100644
--- a/webrtc/modules/video_coding/frame_buffer2.cc
+++ b/webrtc/modules/video_coding/frame_buffer2.cc

@@ -238,6 +238,22 @@
   new_continuous_frame_event_.Set();
 }
 
+bool FrameBuffer::ValidReferences(const FrameObject& frame) const {
+  for (size_t i = 0; i < frame.num_references; ++i) {
+    if (AheadOrAt(frame.references[i], frame.picture_id))
+      return false;
+    for (size_t j = i + 1; j < frame.num_references; ++j) {
+      if (frame.references[i] == frame.references[j])
+        return false;
+    }
+  }
+
+  if (frame.inter_layer_predicted && frame.spatial_layer == 0)
+    return false;
+
+  return true;
+}
+
 void FrameBuffer::UpdatePlayoutDelays(const FrameObject& frame) {
   TRACE_EVENT0("webrtc", "FrameBuffer::UpdatePlayoutDelays");
   PlayoutDelay playout_delay = frame.EncodedImage().playout_delay_;
@@ -262,6 +278,13 @@
           ? -1
           : last_continuous_frame_it_->first.picture_id;
 
+  if (!ValidReferences(*frame)) {
+    LOG(LS_WARNING) << "Frame with (picture_id:spatial_id) (" << key.picture_id
+                    << ":" << static_cast<int>(key.spatial_layer)
+                    << ") has invalid frame references, dropping frame.";
+    return last_continuous_picture_id;
+  }
+
   if (num_frames_buffered_ >= kMaxFramesBuffered) {
     LOG(LS_WARNING) << "Frame with (picture_id:spatial_id) (" << key.picture_id
                     << ":" << static_cast<int>(key.spatial_layer)
@@ -270,13 +293,6 @@
     return last_continuous_picture_id;
   }
 
-  if (frame->inter_layer_predicted && frame->spatial_layer == 0) {
-    LOG(LS_WARNING) << "Frame with (picture_id:spatial_id) (" << key.picture_id
-                    << ":" << static_cast<int>(key.spatial_layer)
-                    << ") is marked as inter layer predicted, dropping frame.";
-    return last_continuous_picture_id;
-  }
-
   if (last_decoded_frame_it_ != frames_.end() &&
       key <= last_decoded_frame_it_->first) {
     if (AheadOf(frame->timestamp, last_decoded_frame_timestamp_) &&
@@ -363,11 +379,15 @@
     // any unfulfilled dependencies then that frame is continuous as well.
     for (size_t d = 0; d < frame->second.num_dependent_frames; ++d) {
       auto frame_ref = frames_.find(frame->second.dependent_frames[d]);
-      --frame_ref->second.num_missing_continuous;
+      RTC_DCHECK(frame_ref != frames_.end());
 
-      if (frame_ref->second.num_missing_continuous == 0) {
-        frame_ref->second.continuous = true;
-        continuous_frames.push(frame_ref);
+      // TODO(philipel): Look into why we've seen this happen.
+      if (frame_ref != frames_.end()) {
+        --frame_ref->second.num_missing_continuous;
+        if (frame_ref->second.num_missing_continuous == 0) {
+          frame_ref->second.continuous = true;
+          continuous_frames.push(frame_ref);
+        }
       }
     }
   }
commit	112adf9ca9e2ea3bc251345fbac46e1d22ed0a57	[log] [tgz]
author	philipel <philipel@webrtc.org>	Thu Jun 15 09:06:21 2017 -0700
committer	Commit Bot <commit-bot@chromium.org>	Thu Jun 15 16:06:21 2017 +0000
tree	487d115e95ebf2282160a976b6b85c9630cabda0
parent	eb02c03a53734b6faf01d7f98a6174918169b850 [diff] [blame]