Zero memory for FEC recovered packets when size increases

DanilChapovalov · WebRTC LUCI CQ · commit 1e675c7835f1 · 2023-01-26T12:49:32.000Z
rtc::CopyOnWriteBuffer::SetSize extends buffer with uninitialized memory by design. It is up to the user of the rtc::CopyOnWriteBuffer to ensure it is initialized. (cherry picked from commit 4f74385) No-Try: true Bug: chromium:1404299 Change-Id: I41f3f91bf20ff440984d78ed81e01f5db36ff509 Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/290400 Commit-Queue: Danil Chapovalov <danilchap@webrtc.org> Reviewed-by: Per Kjellander <perkj@webrtc.org> Cr-Original-Commit-Position: refs/heads/main@{#38972} Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/291541 Cr-Commit-Position: refs/branch-heads/5481@{#4} Cr-Branched-From: 2e1a9a4-refs/heads/main@{#38901}
diff --git a/modules/rtp_rtcp/source/forward_error_correction.cc b/modules/rtp_rtcp/source/forward_error_correction.cc
@@ -225,10 +225,10 @@ void ForwardErrorCorrection::GenerateFecPayloads(
 
         size_t fec_packet_length = fec_header_size + media_payload_length;
         if (fec_packet_length > fec_packet->data.size()) {
-          // Recall that XORing with zero (which the FEC packets are prefilled
-          // with) is the identity operator, thus all prior XORs are
-          // still correct even though we expand the packet length here.
+          size_t old_size = fec_packet->data.size();
           fec_packet->data.SetSize(fec_packet_length);
+          memset(fec_packet->data.MutableData() + old_size, 0,
+                 fec_packet_length - old_size);
         }
         XorHeaders(*media_packet, fec_packet);
         XorPayloads(*media_packet, media_payload_length, fec_header_size,
@@ -619,7 +619,10 @@ void ForwardErrorCorrection::XorPayloads(const Packet& src,
   RTC_DCHECK_LE(kRtpHeaderSize + payload_length, src.data.size());
   RTC_DCHECK_LE(dst_offset + payload_length, dst->data.capacity());
   if (dst_offset + payload_length > dst->data.size()) {
-    dst->data.SetSize(dst_offset + payload_length);
+    size_t old_size = dst->data.size();
+    size_t new_size = dst_offset + payload_length;
+    dst->data.SetSize(new_size);
+    memset(dst->data.MutableData() + old_size, 0, new_size - old_size);
   }
   uint8_t* dst_data = dst->data.MutableData();
   const uint8_t* src_data = src.data.cdata();
