[chromecast] Fix Browser-process heap OOB write in AudioDecoderForMixer::WritePcm [chromium/src : main]

[Simeon Anfinrud (Gerrit)]

Attention needed from Sandeep Vijayasekar

Simeon Anfinrud added 6 comments

Message

Gemini says: Addressed Gerrit review comments.

6 comments

File chromecast/media/cma/backend/audio_decoder_for_mixer.cc

File-level comment, Patchset 16 (Latest):

Simeon Anfinrud . resolved

Gemini says: Done. Removed redundant calculation.

File-level comment, Patchset 16 (Latest):

Simeon Anfinrud . resolved

Gemini says: Done. `frame_count` is now `size_t` and redundancy is removed.

File chromecast/media/cma/backend/audio_decoder_for_mixer_unittest.cc

File-level comment, Patchset 16 (Latest):

Simeon Anfinrud . resolved

Gemini says: Done. Added missing includes.

File-level comment, Patchset 16 (Latest):

Simeon Anfinrud . resolved

Gemini says: Done. Used size_t for the calculation.

File-level comment, Patchset 16 (Latest):

Simeon Anfinrud . resolved

Gemini says: Done. Added `base::RunLoop().RunUntilIdle()`.

File-level comment, Patchset 16 (Latest):

Simeon Anfinrud . resolved

Gemini says: Done. Used C++17 namespace syntax.

Open in Gerrit

Related details

Attention is currently required from:

• Sandeep Vijayasekar

Submit Requirements:

• Code-Coverage
• Code-Owners
• Code-Review
• Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

Gerrit-MessageType: comment

Gerrit-Project: chromium/src

Gerrit-Branch: main

Gerrit-Change-Id: Iadb13be1e1e4d6ea214dcdc72cc5c6805fe0cf80

Gerrit-Change-Number: 7765494

Gerrit-PatchSet: 16

Gerrit-Owner: Simeon Anfinrud <san...@chromium.org>

Gerrit-Reviewer: Sandeep Vijayasekar <sa...@google.com>

Gerrit-Reviewer: Simeon Anfinrud <san...@chromium.org>

Gerrit-CC: Chromium LUCI CQ <chromiu...@luci-project-accounts.iam.gserviceaccount.com>

Gerrit-CC: Code Review Nudger <android-build...@prod.google.com>

Gerrit-CC: Jerome Jiang <ji...@chromium.org>

Gerrit-CC: Mirko Bonadei <mbon...@chromium.org>

Gerrit-CC: android-bu...@system.gserviceaccount.com <android-bu...@system.gserviceaccount.com>

Gerrit-CC: chromium...@chromium.org

Gerrit-Attention: Sandeep Vijayasekar <sa...@google.com>

Gerrit-Comment-Date: Thu, 14 May 2026 19:44:19 +0000

Gerrit-HasComments: Yes

Gerrit-Has-Labels: No

[Simeon Anfinrud (Gerrit)]

Attention needed from Sandeep Vijayasekar

Simeon Anfinrud voted and added 1 comment

Votes added by Simeon Anfinrud

Auto-Submit

+1

1 comment

File chromecast/media/cma/backend/audio_decoder_for_mixer.cc

Line 554, Patchset 2: const int original_frame_count = buffer->data_size() / frame_size;

Simeon Anfinrud . unresolved

This variable is identical to `frame_count` calculated on line 561. Please remove the redundancy.

Simeon Anfinrud

Gemini says: Done.

Open in Gerrit

Related details

Attention is currently required from:

• Sandeep Vijayasekar

Submit Requirements:

• Code-Coverage
• Code-Owners
• Code-Review

• No-Unresolved-Comments

• Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

Gerrit-MessageType: comment

Gerrit-Project: chromium/src

Gerrit-Branch: main

Gerrit-Change-Id: Iadb13be1e1e4d6ea214dcdc72cc5c6805fe0cf80

Gerrit-Change-Number: 7765494

Gerrit-PatchSet: 17

Gerrit-Owner: Simeon Anfinrud <san...@chromium.org>

Gerrit-Reviewer: Sandeep Vijayasekar <sa...@google.com>

Gerrit-Reviewer: Simeon Anfinrud <san...@chromium.org>

Gerrit-CC: Chromium LUCI CQ <chromiu...@luci-project-accounts.iam.gserviceaccount.com>

Gerrit-CC: Code Review Nudger <android-build...@prod.google.com>

Gerrit-CC: Jerome Jiang <ji...@chromium.org>

Gerrit-CC: Mirko Bonadei <mbon...@chromium.org>

Gerrit-CC: android-bu...@system.gserviceaccount.com <android-bu...@system.gserviceaccount.com>

Gerrit-CC: chromium...@chromium.org

Gerrit-Attention: Sandeep Vijayasekar <sa...@google.com>

Gerrit-Comment-Date: Thu, 14 May 2026 20:49:39 +0000

Gerrit-HasComments: Yes

Gerrit-Has-Labels: Yes

Comment-In-Reply-To: Simeon Anfinrud <san...@chromium.org>

[Simeon Anfinrud (Gerrit)]

Attention needed from Sandeep Vijayasekar

Simeon Anfinrud voted Commit-Queue+1

Commit-Queue

+1

Gerrit-Comment-Date: Wed, 20 May 2026 04:56:08 +0000

Gerrit-HasComments: No

Gerrit-Has-Labels: Yes

[Simeon Anfinrud (Gerrit)]

Attention needed from Sandeep Vijayasekar

Simeon Anfinrud voted Commit-Queue+2

Commit-Queue

+2

Open in Gerrit

Related details

Attention is currently required from:

• Sandeep Vijayasekar

Submit Requirements:

• Code-Coverage
• Code-Owners
• Code-Review
• No-Unresolved-Comments
• Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

Gerrit-MessageType: comment

Gerrit-Project: chromium/src

Gerrit-Branch: main

Gerrit-Change-Id: Iadb13be1e1e4d6ea214dcdc72cc5c6805fe0cf80

Gerrit-Change-Number: 7765494

Gerrit-PatchSet: 18

Gerrit-Owner: Simeon Anfinrud <san...@chromium.org>

Gerrit-Reviewer: Sandeep Vijayasekar <sa...@google.com>

Gerrit-Reviewer: Simeon Anfinrud <san...@chromium.org>

Gerrit-CC: Chromium LUCI CQ <chromiu...@luci-project-accounts.iam.gserviceaccount.com>

Gerrit-CC: Code Review Nudger <android-build...@prod.google.com>

Gerrit-CC: Jerome Jiang <ji...@chromium.org>

Gerrit-CC: Mirko Bonadei <mbon...@chromium.org>

Gerrit-CC: android-bu...@system.gserviceaccount.com <android-bu...@system.gserviceaccount.com>

Gerrit-CC: chromium...@chromium.org

Gerrit-Attention: Sandeep Vijayasekar <sa...@google.com>

Gerrit-Comment-Date: Fri, 29 May 2026 00:35:12 +0000

Gerrit-HasComments: No

Gerrit-Has-Labels: Yes