diff options
| author | Abhishek Arya <aarya@google.com> | 2015-08-18 13:24:21 +0000 |
|---|---|---|
| committer | Android (Google) Code Review <android-gerrit@google.com> | 2015-08-18 13:24:21 +0000 |
| commit | 6f561b93d8c6473fa0baa281ad4a53f882e656cc (patch) | |
| tree | 6754377500a18f33e295c69bc0a46a9269e7d8c1 | |
| parent | c37f7f6fa0cb7f55cdc5b2d4ccbf2c87c3bc6c3b (diff) | |
| parent | 407d475b797fdc595299d67151230dc6e3835ccd (diff) | |
| download | frameworks_av-6f561b93d8c6473fa0baa281ad4a53f882e656cc.zip frameworks_av-6f561b93d8c6473fa0baa281ad4a53f882e656cc.tar.gz frameworks_av-6f561b93d8c6473fa0baa281ad4a53f882e656cc.tar.bz2 | |
Merge "MatroskaExtractor: detect infinite loop when parsing NALs" into klp-dev
| -rw-r--r-- | media/libstagefright/matroska/MatroskaExtractor.cpp | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/media/libstagefright/matroska/MatroskaExtractor.cpp b/media/libstagefright/matroska/MatroskaExtractor.cpp index cf20428..25d0cf1 100644 --- a/media/libstagefright/matroska/MatroskaExtractor.cpp +++ b/media/libstagefright/matroska/MatroskaExtractor.cpp @@ -23,6 +23,7 @@ #include "mkvparser.hpp" #include <media/stagefright/foundation/ADebug.h> +#include <media/stagefright/foundation/AUtils.h> #include <media/stagefright/foundation/hexdump.h> #include <media/stagefright/DataSource.h> #include <media/stagefright/MediaBuffer.h> @@ -563,7 +564,12 @@ status_t MatroskaSource::read( TRESPASS(); } - if (srcOffset + mNALSizeLen + NALsize > srcSize) { + if (srcOffset + mNALSizeLen + NALsize <= srcOffset + mNALSizeLen) { + frame->release(); + frame = NULL; + + return ERROR_MALFORMED; + } else if (srcOffset + mNALSizeLen + NALsize > srcSize) { break; } |