Move remaining mp4_fallible dependent code into this repo

baumanj · baumanj · commit 9c659deced58 · 2020-03-17T17:07:53.000-07:00
diff --git a/mp4parse/Cargo.toml b/mp4parse/Cargo.toml
@@ -28,10 +28,15 @@ byteorder = "1.2.1"
 bitreader = { version = "0.3.2" }
 hashbrown = "0.7.1"
 num-traits = "0.2.0"
-mp4parse_fallible = { version = "0.0.3", optional = true }
 log = "0.4"
 static_assertions = "1.1.0"
 
 [dev-dependencies]
 test-assembler = "0.1.2"
 env_logger = "0.7.1"
+
+[features]
+# Enable mp4parse_fallible to use fallible memory allocation rather than
+# panicking on OOM.  Note that this is only safe within Gecko where the system
+# allocator has been globally overridden (see BMO 1457359).
+mp4parse_fallible = []
diff --git a/mp4parse/src/lib.rs b/mp4parse/src/lib.rs
@@ -163,10 +163,10 @@ mod fallible {
     #[cfg(feature = "mp4parse_fallible")]
     extern "C" {
         fn malloc(bytes: usize) -> *mut u8;
+        fn realloc(ptr: *mut u8, bytes: usize) -> *mut u8;
     }
 
     #[cfg(feature = "mp4parse_fallible")]
-    use mp4parse_fallible::FallibleVec;
     use std::cmp::PartialEq;
     use std::convert::TryInto as _;
     use std::hash::Hash;
@@ -236,20 +236,21 @@ mod fallible {
             #[cfg(feature = "mp4parse_fallible")]
             {
                 let size = std::mem::size_of::<T>();
-                unsafe {
-                    let new_ptr = malloc(size) as *mut T;
-                    if new_ptr.is_null() {
-                        return Err(super::Error::OutOfMemory);
-                    }
+                let new_ptr = unsafe { malloc(size) as *mut T };
 
-                    // If we did a simple assignment: *new_ptr = x, then the
-                    // value pointed to by new_ptr would immediately be
-                    // dropped, but that would cause an invalid memory access.
-                    // Instead, we use replace() to avoid the immediate drop
-                    // and forget() to ensure that drop never happens.
-                    std::mem::forget(std::mem::replace(&mut *new_ptr, x));
-                    inner = Box::from_raw(new_ptr);
+                if new_ptr.is_null() {
+                    return Err(super::Error::OutOfMemory);
                 }
+
+                // If we did a simple assignment: *new_ptr = x, then the value
+                // pointed to by new_ptr would immediately be dropped, but
+                // that would cause an invalid memory access. Instead, we use
+                // replace() to avoid the immediate drop and forget() to
+                // ensure that drop never happens.
+                inner = unsafe {
+                    std::mem::forget(std::mem::replace(&mut *new_ptr, x));
+                    Box::from_raw(new_ptr)
+                };
             }
             #[cfg(not(feature = "mp4parse_fallible"))]
             {
@@ -393,8 +394,24 @@ mod fallible {
         fn reserve(&mut self, additional: usize) -> Result<()> {
             #[cfg(feature = "mp4parse_fallible")]
             {
-                FallibleVec::try_reserve(&mut self.inner, additional)
-                    .map_err(|_| super::Error::OutOfMemory)
+                let available = self
+                    .inner
+                    .capacity()
+                    .checked_sub(self.inner.len())
+                    .expect("capacity >= len");
+                if additional > available {
+                    let increase = additional
+                        .checked_sub(available)
+                        .expect("additional > available");
+                    let new_cap = self
+                        .inner
+                        .capacity()
+                        .checked_add(increase)
+                        .ok_or(super::Error::OutOfMemory)?;
+                    self.try_extend(new_cap)?;
+                    debug_assert!(self.inner.capacity() == new_cap);
+                }
+                Ok(())
             }
             #[cfg(not(feature = "mp4parse_fallible"))]
             {
@@ -411,6 +428,39 @@ mod fallible {
             self.inner.resize_with(new_len, f);
             Ok(())
         }
+
+        #[cfg(feature = "mp4parse_fallible")]
+        fn try_extend(&mut self, new_cap: usize) -> Result<()> {
+            let old_ptr = self.as_mut_ptr();
+            let old_len = self.inner.len();
+
+            let old_cap: usize = self.inner.capacity();
+
+            if old_cap >= new_cap {
+                return Ok(());
+            }
+
+            let new_size_bytes = new_cap
+                .checked_mul(std::mem::size_of::<T>())
+                .ok_or(super::Error::OutOfMemory)?;
+
+            let new_ptr = unsafe {
+                if old_cap == 0 {
+                    malloc(new_size_bytes)
+                } else {
+                    realloc(old_ptr as *mut u8, new_size_bytes)
+                }
+            };
+
+            if new_ptr.is_null() {
+                return Err(super::Error::OutOfMemory);
+            }
+
+            let new_vec = unsafe { Vec::from_raw_parts(new_ptr as *mut T, old_len, new_cap) };
+
+            std::mem::forget(std::mem::replace(&mut self.inner, new_vec));
+            Ok(())
+        }
     }
 
     impl<T: Clone> TryVec<TryVec<T>> {
@@ -432,6 +482,53 @@ mod fallible {
         }
     }
 
+    #[test]
+    #[cfg(feature = "mp4parse_fallible")]
+    fn oom() {
+        let mut vec: TryVec<char> = TryVec::new();
+        match vec.reserve(std::usize::MAX) {
+            Ok(_) => panic!("it should be OOM"),
+            _ => (),
+        }
+    }
+
+    #[test]
+    fn try_reserve() {
+        let mut vec: TryVec<_> = vec![1].into();
+        let old_cap = vec.inner.capacity();
+        let new_cap = old_cap + 1;
+        vec.reserve(new_cap).unwrap();
+        assert!(vec.inner.capacity() >= new_cap);
+    }
+
+    #[test]
+    fn try_reserve_idempotent() {
+        let mut vec: TryVec<_> = vec![1].into();
+        let old_cap = vec.inner.capacity();
+        let new_cap = old_cap + 1;
+        vec.reserve(new_cap).unwrap();
+        let cap_after_reserve = vec.inner.capacity();
+        vec.reserve(new_cap).unwrap();
+        assert_eq!(cap_after_reserve, vec.inner.capacity());
+    }
+
+    #[test]
+    #[cfg(feature = "mp4parse_fallible")]
+    fn capacity_overflow() {
+        let mut vec: TryVec<_> = vec![1].into();
+        match vec.reserve(std::usize::MAX) {
+            Ok(_) => panic!("capacity calculation should overflow"),
+            _ => (),
+        }
+    }
+
+    #[test]
+    fn extend_from_slice() {
+        let mut vec: TryVec<u8> = b"foo".as_ref().try_into().unwrap();
+        vec.extend_from_slice(b"bar").unwrap();
+        assert_eq!(vec, b"foobar".as_ref());
+    }
+
     impl<T> IntoIterator for TryVec<T> {
         type Item = T;
         type IntoIter = std::vec::IntoIter<T>;
@@ -491,6 +588,16 @@ mod fallible {
         }
     }
 
+    impl<T: Clone> std::convert::TryFrom<&[T]> for TryVec<T> {
+        type Error = super::Error;
+
+        fn try_from(value: &[T]) -> Result<Self> {
+            let mut v = Self::new();
+            v.extend_from_slice(value)?;
+            Ok(v)
+        }
+    }
+
     impl std::convert::TryFrom<&str> for TryVec<u8> {
         type Error = super::Error;
 
diff --git a/mp4parse_capi/Cargo.toml b/mp4parse_capi/Cargo.toml
@@ -5,6 +5,7 @@ authors = [
   "Ralph Giles <giles@mozilla.com>",
   "Matthew Gregan <kinetik@flim.org>",
   "Alfredo Yang <ayang@mozilla.com>",
+  "Jon Bauman <jbauman@mozilla.com>",
 ]
 
 description = "Parser for ISO base media file format (mp4)"

Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,7 @@ authors = [`
`5`	`5`	`"Ralph Giles <[email protected]>",`
`6`	`6`	`"Matthew Gregan <[email protected]>",`
`7`	`7`	`"Alfredo Yang <[email protected]>",`
	`8`	`+ "Jon Bauman <[email protected]>",`
`8`	`9`	`]`
`9`	`10`
`10`	`11`	`description = "Parser for ISO base media file format (mp4)"`