Bail out when multiple adjacent zero sized samples are found.

Should help with fuzzing timeouts and seem like they should be
invalid... We definitely have files that have a zero sized sample
as the last sample, but none that I can find with contiguous zero
sized samples.

BUG=770577
TEST=fuzzer fails before allocated massive amounts of memory.

Change-Id: Ie137d6f9ec69a1afd5c496c9f6f93706d670c5d9
Reviewed-on: https://chromium-review.googlesource.com/720206Reviewed-by: Dan Sanders <sandersd@chromium.org>
Reviewed-by: Matthew Wolenetz <wolenetz@chromium.org>
Commit-Queue: Matthew Wolenetz <wolenetz@chromium.org>
Commit-Queue: Dale Curtis <dalecurtis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#509601}

media/formats/mp4/track_run_iterator.cc

@@ -390,7 +390,11 @@ bool TrackRunIterator::Init(const MovieFragment& moof) {
         tri.aux_info_total_size = 0;
       }
 
-      tri.samples.resize(trun.sample_count);
+      // Attempt to avoid allocating insane sample counts for invalid media.
+      // Check the first two samples to see if they're both zero size. Such
+      // samples may exist as the last sample and potentially elsewhere, but two
+      // should _hopefully_ never be adjacent.
+      tri.samples.resize(std::min(2u, trun.sample_count));
       for (size_t k = 0; k < trun.sample_count; k++) {
         if (!PopulateSampleInfo(*trex, traf.header, trun, edit_list_offset, k,
                                 &tri.samples[k], traf.sdtp.sample_depends_on(k),
@@ -398,6 +402,14 @@ bool TrackRunIterator::Init(const MovieFragment& moof) {
           return false;
         }
 
+        if (k > 0) {
+          RCHECK_MEDIA_LOGGED(
+              tri.samples[k - 1].size + tri.samples[k].size != 0, media_log_,
+              "Adjacent zero sized samples are forbidden.");
+          if (k == 1 && tri.samples.size() < trun.sample_count)
+            tri.samples.resize(trun.sample_count);
+        }
+
         RCHECK(std::numeric_limits<int64_t>::max() - tri.samples[k].duration >
                run_start_dts);