summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorWei Jia <wjia@google.com>2015-10-06 16:34:00 +0000
committerAndroid Git Automerger <android-git-automerger@android.com>2015-10-06 16:34:00 +0000
commit60b25aa0c173854593743dd85588c7449baf87c0 (patch)
tree14e18563d6443bee5668cda55354ba61669c0590
parentf7d1f627b0b1139f82f16baee482476cc10ccde4 (diff)
parent9ab9c85e39f089f355faa9cd9db6d113dc482e61 (diff)
downloadframeworks_av-60b25aa0c173854593743dd85588c7449baf87c0.zip
frameworks_av-60b25aa0c173854593743dd85588c7449baf87c0.tar.gz
frameworks_av-60b25aa0c173854593743dd85588c7449baf87c0.tar.bz2
am 9ab9c85e: Merge "MPEG4Extractor: ensure buffer size is not less than 8 for LastCommentData." into klp-dev
* commit '9ab9c85e39f089f355faa9cd9db6d113dc482e61': MPEG4Extractor: ensure buffer size is not less than 8 for LastCommentData.
Diffstat
-rw-r--r--media/libstagefright/MPEG4Extractor.cpp6
1 files changed, 6 insertions, 0 deletions
diff --git a/media/libstagefright/MPEG4Extractor.cpp b/media/libstagefright/MPEG4Extractor.cpp
index e9ecc45..983f64f 100644
--- a/media/libstagefright/MPEG4Extractor.cpp
+++ b/media/libstagefright/MPEG4Extractor.cpp
@@ -2185,6 +2185,12 @@ status_t MPEG4Extractor::parseITunesMetaData(off64_t offset, size_t size) {
mLastCommentName.setTo((const char *)buffer + 4);
break;
case FOURCC('d', 'a', 't', 'a'):
+ if (size < 8) {
+ delete[] buffer;
+ buffer = NULL;
+ ALOGE("b/24346430");
+ return ERROR_MALFORMED;
+ }
mLastCommentData.setTo((const char *)buffer + 8);
break;
}
generated by cgit v1.1 at 2025-01-21 21:42:41 +0000