diff options
| author | Marco Nelissen <marcone@google.com> | 2014-06-13 14:13:44 -0700 |
|---|---|---|
| committer | Marco Nelissen <marcone@google.com> | 2015-08-19 09:39:02 -0700 |
| commit | 3878b990f7d53eae7c2cf9246b6ef2db5a049872 (patch) | |
| tree | 30beb7e7b1bca4c232f781bf0e973ae6df450166 | |
| parent | f97b6beeb2e2f0977d1c7fa8d2aaafe4e2f4d68a (diff) | |
| download | frameworks_av-3878b990f7d53eae7c2cf9246b6ef2db5a049872.zip frameworks_av-3878b990f7d53eae7c2cf9246b6ef2db5a049872.tar.gz frameworks_av-3878b990f7d53eae7c2cf9246b6ef2db5a049872.tar.bz2 | |
Fail more gracefully on allocation failure
Check allocations when the size is read from a file and might therefore
be invalid.
b/14388161
Change-Id: Ia08cc0a6107f275a70e793ef3b50c0ce16ceeee0
| -rw-r--r-- | media/libstagefright/MPEG4Extractor.cpp | 27 |
1 files changed, 20 insertions, 7 deletions
diff --git a/media/libstagefright/MPEG4Extractor.cpp b/media/libstagefright/MPEG4Extractor.cpp index 0899362..561f005 100644 --- a/media/libstagefright/MPEG4Extractor.cpp +++ b/media/libstagefright/MPEG4Extractor.cpp @@ -362,7 +362,7 @@ MPEG4Extractor::~MPEG4Extractor() { SINF *sinf = mFirstSINF; while (sinf) { SINF *next = sinf->next; - delete sinf->IPMPData; + delete[] sinf->IPMPData; delete sinf; sinf = next; } @@ -679,7 +679,11 @@ status_t MPEG4Extractor::parseDrmSINF(off64_t *offset, off64_t data_offset) { return ERROR_MALFORMED; } sinf->len = dataLen - 3; - sinf->IPMPData = new char[sinf->len]; + sinf->IPMPData = new (std::nothrow) char[sinf->len]; + if (sinf->IPMPData == NULL) { + return ERROR_MALFORMED; + } + data_offset += 2; if (mDataSource->readAt(data_offset + 2, sinf->IPMPData, sinf->len) < sinf->len) { return ERROR_IO; @@ -1073,7 +1077,10 @@ status_t MPEG4Extractor::parseChunk(off64_t *offset, int depth) { return ERROR_MALFORMED; } - pssh.data = new uint8_t[pssh.datalen]; + pssh.data = new (std::nothrow) uint8_t[pssh.datalen]; + if (pssh.data == NULL) { + return ERROR_MALFORMED; + } ALOGV("allocated pssh @ %p", pssh.data); ssize_t requested = (ssize_t) pssh.datalen; if (mDataSource->readAt(data_offset + 24, pssh.data, requested) < requested) { @@ -1739,8 +1746,7 @@ status_t MPEG4Extractor::parseChunk(off64_t *offset, int depth) { if ((chunk_size > SIZE_MAX) || (SIZE_MAX - chunk_size <= size)) { return ERROR_MALFORMED; } - - uint8_t *buffer = new uint8_t[size + chunk_size]; + uint8_t *buffer = new (std::nothrow) uint8_t[size + chunk_size]; if (buffer == NULL) { return ERROR_MALFORMED; } @@ -2033,7 +2039,10 @@ status_t MPEG4Extractor::parseMetaData(off64_t offset, size_t size) { return ERROR_MALFORMED; } - uint8_t *buffer = new uint8_t[size + 1]; + uint8_t *buffer = new (std::nothrow) uint8_t[size + 1]; + if (buffer == NULL) { + return ERROR_MALFORMED; + } if (mDataSource->readAt( offset, buffer, size) != (ssize_t)size) { delete[] buffer; @@ -2498,7 +2507,11 @@ status_t MPEG4Source::start(MetaData *params) { mGroup->add_buffer(new MediaBuffer(max_size)); - mSrcBuffer = new uint8_t[max_size]; + mSrcBuffer = new (std::nothrow) uint8_t[max_size]; + if (mSrcBuffer == NULL) { + // file probably specified a bad max size + return ERROR_MALFORMED; + } mStarted = true; |