[Mac] VTVideoDecoderClass object pointers can become unaligned on x86
https://bugs.webkit.org/show_bug.cgi?id=239916
<rdar://92445366>

Reviewed by Eric Carlson.

Both the base class and the derived class must be 4-byte aligned on x86, or there
is a chance that a pointer member of that struct will cross a page boundary, and
dereferencing that pointer will fail.

* Source/webrtc/sdk/WebKit/WebKitVP8Decoder.cpp:
* Source/webrtc/sdk/WebKit/WebKitVP9Decoder.cpp:

Canonical link: https://commits.webkit.org/250147@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@293643 268f45cc-cd09-0410-ab3c-d52691b4dbfc
jernoble committed Apr 30, 2022
1 parent d2bdfeb commit 447c2c89f9b9f9cd5b24d63598a98402b98e1c3b
@@ -1,3 +1,18 @@
2022-04-30 Jer Noble <jer.noble@apple.com>

[Mac] VTVideoDecoderClass object pointers can become unaligned on x86
https://bugs.webkit.org/show_bug.cgi?id=239916
<rdar://92445366>

Reviewed by Eric Carlson.

Both the base class and the derived class must be 4-byte aligned on x86, or there
is a chance that a pointer member of that struct will cross a page boundary, and
dereferencing that pointer will fail.

* Source/webrtc/sdk/WebKit/WebKitVP8Decoder.cpp:
* Source/webrtc/sdk/WebKit/WebKitVP9Decoder.cpp:

2022-04-25 Tim Horton <timothy_horton@apple.com>

Fix duplicate headers warning in libwebrtc Copy Headers phase
@@ -55,12 +55,12 @@ static CFStringRef copyVP8DecoderDebugDescription(CMBaseObjectRef);
#endif

#pragma pack(push, 4)
struct DecoderClass {
struct DecoderBaseClass {
uint8_t pad[padSize];
CMBaseClass alignedClass;
};

static const DecoderClass WebKitVP8Decoder_BaseClass {
static const DecoderBaseClass WebKitVP8Decoder_BaseClass {
{ },
{
kCMBaseObject_ClassVersion_1,
@@ -82,31 +82,49 @@ static const DecoderClass WebKitVP8Decoder_BaseClass {
#else
static_assert(sizeof(WebKitVP8Decoder_BaseClass.alignedClass.version) == sizeof(uintptr_t), "CMBaseClass fixup is not required!");
#endif
static_assert(offsetof(DecoderClass, alignedClass) == padSize, "CMBaseClass offset is incorrect!");
static_assert(alignof(DecoderClass) == 4, "CMBaseClass must have 4 byte alignment");
static_assert(offsetof(DecoderBaseClass, alignedClass) == padSize, "CMBaseClass offset is incorrect!");
static_assert(alignof(DecoderBaseClass) == 4, "CMBaseClass must have 4 byte alignment");

static OSStatus startVP8DecoderSession(VTVideoDecoderRef, VTVideoDecoderSession, CMVideoFormatDescriptionRef);
static OSStatus decodeVP8DecoderFrame(VTVideoDecoderRef, VTVideoDecoderFrame, CMSampleBufferRef, VTDecodeFrameFlags, VTDecodeInfoFlags*);

static const VTVideoDecoderClass WebKitVP8Decoder_VideoDecoderClass =
#pragma pack(push, 4)
struct DecoderClass {
uint8_t pad[padSize];
VTVideoDecoderClass alignedClass;
};

static const DecoderClass WebKitVP8Decoder_VideoDecoderClass =
{
kVTVideoDecoder_ClassVersion_1,
startVP8DecoderSession,
decodeVP8DecoderFrame,
nullptr, // VTVideoDecoderFunction_CopySupportedPropertyDictionary,
nullptr, // VTVideoDecoderFunction_SetProperties
nullptr, // VTVideoDecoderFunction_CopySerializableProperties
nullptr, // VTVideoDecoderFunction_CanAcceptFormatDescription
nullptr, // VTVideoDecoderFunction_FinishDelayedFrames
nullptr, // VTVideoDecoderFunction_StartTileSession
nullptr, // VTVideoDecoderFunction_DecodeTile
nullptr // VTVideoDecoderFunction_FinishDelayedTiles
{ },
{
kVTVideoDecoder_ClassVersion_1,
startVP8DecoderSession,
decodeVP8DecoderFrame,
nullptr, // VTVideoDecoderFunction_CopySupportedPropertyDictionary,
nullptr, // VTVideoDecoderFunction_SetProperties
nullptr, // VTVideoDecoderFunction_CopySerializableProperties
nullptr, // VTVideoDecoderFunction_CanAcceptFormatDescription
nullptr, // VTVideoDecoderFunction_FinishDelayedFrames
nullptr, // VTVideoDecoderFunction_StartTileSession
nullptr, // VTVideoDecoderFunction_DecodeTile
nullptr // VTVideoDecoderFunction_FinishDelayedTiles
}
};
#pragma pack(pop)

#if defined(CMBASE_OBJECT_NEEDS_ALIGNMENT) && CMBASE_OBJECT_NEEDS_ALIGNMENT
static_assert(sizeof(WebKitVP8Decoder_VideoDecoderClass.alignedClass.version) == sizeof(uint32_t), "CMBaseClass fixup is required!");
#else
static_assert(sizeof(WebKitVP8Decoder_VideoDecoderClass.alignedClass.version) == sizeof(uintptr_t), "CMBaseClass fixup is not required!");
#endif
static_assert(offsetof(DecoderClass, alignedClass) == padSize, "CMBaseClass offset is incorrect!");
static_assert(alignof(DecoderClass) == 4, "CMBaseClass must have 4 byte alignment");

static const VTVideoDecoderVTable WebKitVP8DecoderVTable =
{
{ nullptr, &WebKitVP8Decoder_BaseClass.alignedClass },
&WebKitVP8Decoder_VideoDecoderClass
&WebKitVP8Decoder_VideoDecoderClass.alignedClass
};

OSStatus createWebKitVP8Decoder(FigVideoCodecType, CFAllocatorRef allocator, VTVideoDecoderRef* decoderOut)
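Review bot: The static_assert messages placed after the second `#pragma pack(pop)` still say "CMBaseClass", although what they now check is `WebKitVP8Decoder_VideoDecoderClass.alignedClass.version` and the `DecoderClass` wrapper around a VTVideoDecoderClass; a build failure there would send the reader to the wrong struct. Suggest `static_assert(offsetof(DecoderClass, alignedClass) == padSize, "VTVideoDecoderClass offset is incorrect!");` and `static_assert(alignof(DecoderClass) == 4, "VTVideoDecoderClass must have 4 byte alignment");`, and likewise "VTVideoDecoderClass fixup is (not) required!" for the two `version` size checks under `CMBASE_OBJECT_NEEDS_ALIGNMENT`. A one-line comment above the wrapper, such as `// Packed to 4 so a pointer member cannot straddle a page boundary on x86 (see bug 239916).`, would also record why the padding struct exists, since the file itself does not say. The same message wording is inherited from the existing base-class asserts earlier in this hunk, so it is presumably a copy-and-adjust oversight rather than intent.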
@@ -55,12 +55,12 @@ static CFStringRef copyVP9DecoderDebugDescription(CMBaseObjectRef);
#endif

#pragma pack(push, 4)
struct DecoderClass {
struct DecoderBaseClass {
uint8_t pad[padSize];
CMBaseClass alignedClass;
};

static const DecoderClass WebKitVP9Decoder_BaseClass {
static const DecoderBaseClass WebKitVP9Decoder_BaseClass {
{ },
{
kCMBaseObject_ClassVersion_1,
@@ -82,31 +82,41 @@ static const DecoderClass WebKitVP9Decoder_BaseClass {
#else
static_assert(sizeof(WebKitVP9Decoder_BaseClass.alignedClass.version) == sizeof(uintptr_t), "CMBaseClass fixup is not required!");
#endif
static_assert(offsetof(DecoderClass, alignedClass) == padSize, "CMBaseClass offset is incorrect!");
static_assert(alignof(DecoderClass) == 4, "CMBaseClass must have 4 byte alignment");
static_assert(offsetof(DecoderBaseClass, alignedClass) == padSize, "CMBaseClass offset is incorrect!");
static_assert(alignof(DecoderBaseClass) == 4, "CMBaseClass must have 4 byte alignment");

static OSStatus startVP9DecoderSession(VTVideoDecoderRef, VTVideoDecoderSession, CMVideoFormatDescriptionRef);
static OSStatus decodeVP9DecoderFrame(VTVideoDecoderRef, VTVideoDecoderFrame, CMSampleBufferRef, VTDecodeFrameFlags, VTDecodeInfoFlags*);

static const VTVideoDecoderClass WebKitVP9Decoder_VideoDecoderClass =
#pragma pack(push, 4)
struct DecoderClass {
uint8_t pad[padSize];
VTVideoDecoderClass alignedClass;
};

static const DecoderClass WebKitVP9Decoder_VideoDecoderClass =
{
kVTVideoDecoder_ClassVersion_1,
startVP9DecoderSession,
decodeVP9DecoderFrame,
nullptr, // VTVideoDecoderFunction_CopySupportedPropertyDictionary,
nullptr, // VTVideoDecoderFunction_SetProperties
nullptr, // VTVideoDecoderFunction_CopySerializableProperties
nullptr, // VTVideoDecoderFunction_CanAcceptFormatDescription
nullptr, // VTVideoDecoderFunction_FinishDelayedFrames
nullptr, // VTVideoDecoderFunction_StartTileSession
nullptr, // VTVideoDecoderFunction_DecodeTile
nullptr // VTVideoDecoderFunction_FinishDelayedTiles
{ },
{
kVTVideoDecoder_ClassVersion_1,
startVP9DecoderSession,
decodeVP9DecoderFrame,
nullptr, // VTVideoDecoderFunction_CopySupportedPropertyDictionary,
nullptr, // VTVideoDecoderFunction_SetProperties
nullptr, // VTVideoDecoderFunction_CopySerializableProperties
nullptr, // VTVideoDecoderFunction_CanAcceptFormatDescription
nullptr, // VTVideoDecoderFunction_FinishDelayedFrames
nullptr, // VTVideoDecoderFunction_StartTileSession
nullptr, // VTVideoDecoderFunction_DecodeTile
nullptr // VTVideoDecoderFunction_FinishDelayedTiles
}
};
#pragma pack(pop)

static const VTVideoDecoderVTable WebKitVP9DecoderVTable =
{
{ nullptr, &WebKitVP9Decoder_BaseClass.alignedClass },
&WebKitVP9Decoder_VideoDecoderClass
&WebKitVP9Decoder_VideoDecoderClass.alignedClass
};

OSStatus createWebKitVP9Decoder(FigVideoCodecType, CFAllocatorRef allocator, VTVideoDecoderRef* decoderOut)
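Review bot: The new `DecoderClass` wrapper around VTVideoDecoderClass in this file has no compile-time checks, whereas the VP8 counterpart in the same commit asserts the `version` size, `offsetof(DecoderClass, alignedClass) == padSize` and `alignof(DecoderClass) == 4` right after `#pragma pack(pop)`; here the code goes straight from `#pragma pack(pop)` to `WebKitVP9DecoderVTable`. The hunk headers (+49 lines for VP8 versus +41 here) are consistent with exactly that block being missing, so the alignment property the ChangeLog relies on is only verified for one of the two decoders. The same `static_assert` block should be added after `#pragma pack(pop)`, with the VP9 object name and messages that name VTVideoDecoderClass rather than CMBaseClass. `createWebKitVP9Decoder` begins on the hunk's last line and its body is outside the hunk.
```cpp
#pragma pack(pop)

#if defined(CMBASE_OBJECT_NEEDS_ALIGNMENT) && CMBASE_OBJECT_NEEDS_ALIGNMENT
static_assert(sizeof(WebKitVP9Decoder_VideoDecoderClass.alignedClass.version) == sizeof(uint32_t), "VTVideoDecoderClass fixup is required!");
#else
static_assert(sizeof(WebKitVP9Decoder_VideoDecoderClass.alignedClass.version) == sizeof(uintptr_t), "VTVideoDecoderClass fixup is not required!");
#endif
static_assert(offsetof(DecoderClass, alignedClass) == padSize, "VTVideoDecoderClass offset is incorrect!");
static_assert(alignof(DecoderClass) == 4, "VTVideoDecoderClass must have 4 byte alignment");

// … unchanged: WebKitVP9DecoderVTable definition …
```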
