summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNick Kralevich <nnk@google.com>2015-04-11 00:45:26 +0000
committerAndroid Git Automerger <android-git-automerger@android.com>2015-04-11 00:45:26 +0000
commit5280631330b6e06c2b9f3af5f2afa7d82a022618 (patch)
tree7d9f0a49723efc30294897c767dfbec470871568
parent0dc95be53182d7248d0af32f3025097171100204 (diff)
parente1650d00185ca1121aceecc236cdea107a8247b0 (diff)
downloadframeworks_av-5280631330b6e06c2b9f3af5f2afa7d82a022618.zip
frameworks_av-5280631330b6e06c2b9f3af5f2afa7d82a022618.tar.gz
frameworks_av-5280631330b6e06c2b9f3af5f2afa7d82a022618.tar.bz2
am e1650d00: am 85bb3235: am 8eae9223: am a05bd3c1: am 2f47bb53: am eb204f82: am b919a3a3: am 64290793: Merge "Fix integer underflow in ESDS processing" into klp-dev
* commit 'e1650d00185ca1121aceecc236cdea107a8247b0': Fix integer underflow in ESDS processing
-rw-r--r--media/libstagefright/ESDS.cpp6
1 files changed, 6 insertions, 0 deletions
diff --git a/media/libstagefright/ESDS.cpp b/media/libstagefright/ESDS.cpp
index 427bf7b..8fbb57c 100644
--- a/media/libstagefright/ESDS.cpp
+++ b/media/libstagefright/ESDS.cpp
@@ -136,6 +136,8 @@ status_t ESDS::parseESDescriptor(size_t offset, size_t size) {
--size;
if (streamDependenceFlag) {
+ if (size < 2)
+ return ERROR_MALFORMED;
offset += 2;
size -= 2;
}
@@ -145,11 +147,15 @@ status_t ESDS::parseESDescriptor(size_t offset, size_t size) {
return ERROR_MALFORMED;
}
unsigned URLlength = mData[offset];
+ if (URLlength >= size)
+ return ERROR_MALFORMED;
offset += URLlength + 1;
size -= URLlength + 1;
}
if (OCRstreamFlag) {
+ if (size < 2)
+ return ERROR_MALFORMED;
offset += 2;
size -= 2;