author | Marco Nelissen <marcone@google.com> | 2016-06-07 15:48:07 -0700 |
---|---|---|
committer | The Android Automerger <android-build@google.com> | 2016-06-23 15:05:16 -0700 |
commit | 590d1729883f700ab905cdc9ad850f3ddd7e1f56 (patch) | |
tree | 4f19492c120e82f7066e50a879c0480981646790 | |
parent | d112f7d0c1dbaf0368365885becb11ca8d3f13a4 (diff) | |
Fix potential overflow
Bug: 28533562
Change-Id: I798ab24caa4c81f3ba564cad7c9ee019284fb702
-rw-r--r-- | media/libstagefright/codecs/on2/h264dec/source/h264bsd_dpb.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/media/libstagefright/codecs/on2/h264dec/source/h264bsd_dpb.c b/media/libstagefright/codecs/on2/h264dec/source/h264bsd_dpb.c
index 9517d0a..799bd16 100644
--- a/media/libstagefright/codecs/on2/h264dec/source/h264bsd_dpb.c
+++ b/media/libstagefright/codecs/on2/h264dec/source/h264bsd_dpb.c
@@ -60,6 +60,7 @@
 #include "h264bsd_util.h"
 #include "basetype.h"
+#include <log/log.h>
 /*------------------------------------------------------------------------------
 2. External compiler flags
 --------------------------------------------------------------------------------
@@ -998,6 +999,13 @@ u32 h264bsdInitDpb(
 ASSERT(maxFrameNum);
 ASSERT(dpbSize);
+ // see comment in loop below about size calculation
+ if (picSizeInMbs > (UINT32_MAX - 32 - 15) / 384) {
+ ALOGE("b/28533562");
+ android_errorWriteLog(0x534e4554, "28533562");
+ return(MEMORY_ALLOCATION_ERROR);
+ }
+
 dpb->maxLongTermFrameIdx = NO_LONG_TERM_FRAME_INDICES;
 dpb->maxRefFrames = MAX(maxRefFrames, 1);
 if (noReordering) |
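Review bot: The bound in the added guard in h264bsdInitDpb, `(UINT32_MAX - 32 - 15) / 384`, restates a size expression that lives further down in the function, outside this hunk, so the guard and the allocation can drift apart silently if the per-macroblock size or the padding ever changes. I would name the constants once and use them in both places, e.g. `#define DPB_BYTES_PER_MB 384u` and `#define DPB_BUF_PADDING (32u + 15u)` (names constructed for this note), and replace the cross-reference comment with one that states the invariant: `/* picSizeInMbs * 384 + 32 + 15 must fit in u32, otherwise the buffer allocation below wraps and is undersized */`. The early return happens before any field of `dpb` is written, so `dpb` stays in whatever state the caller passed in; presumably callers can free or reset it safely on MEMORY_ALLOCATION_ERROR, but that is not visible here and is worth confirming. The guard covers only `picSizeInMbs`; whether allocations derived from `dpbSize` in the rest of the function need a similar bound cannot be judged from this hunk.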