am f475f6c0: am e168bdd2: am f19acf48: am 66b91b34: am e6382cb0: am 115e995c: resolved conflicts for merge of 1f44d837 to lmp-dev

* commit 'f475f6c0cf28f3b4c1ae677febb7590c70865f81': Fix integer overflow when handling MPEG4 tx3g atom
author: Wei Jia <wjia@google.com> 2015-06-12 16:29:20 +0000
committer: Android Git Automerger <android-git-automerger@android.com> 2015-06-12 16:29:20 +0000
commit: 7d3be41436e91a1d79b3a38c651bcd0d2c221f6d (patch)
tree: 45cfcde5a5ad36bf86c5d2d36b2944b90a6f2c8d
parent: 7e2d436ff3338e42df5f31cf2aea4d0d19886b0c (diff)
parent: f475f6c0cf28f3b4c1ae677febb7590c70865f81 (diff)
download: frameworks_av-7d3be41436e91a1d79b3a38c651bcd0d2c221f6d.zip
frameworks_av-7d3be41436e91a1d79b3a38c651bcd0d2c221f6d.tar.gz
frameworks_av-7d3be41436e91a1d79b3a38c651bcd0d2c221f6d.tar.bz2
1 files changed, 4 insertions, 0 deletions
diff --git a/media/libstagefright/MPEG4Extractor.cpp b/media/libstagefright/MPEG4Extractor.cpp
index 8c97468..3f8d7d5 100644
--- a/media/libstagefright/MPEG4Extractor.cpp
+++ b/media/libstagefright/MPEG4Extractor.cpp
@@ -1897,6 +1897,10 @@ status_t MPEG4Extractor::parseChunk(off64_t *offset, int depth) {
                 size = 0;
             }
 
+            if (SIZE_MAX - chunk_size <= size) {
+                return ERROR_MALFORMED;
+            }
+
             uint8_t *buffer = new (std::nothrow) uint8_t[size + chunk_size];
             if (buffer == NULL) {
                 return ERROR_MALFORMED;
author	Wei Jia <wjia@google.com>	2015-06-12 16:29:20 +0000
committer	Android Git Automerger <android-git-automerger@android.com>	2015-06-12 16:29:20 +0000
commit	7d3be41436e91a1d79b3a38c651bcd0d2c221f6d (patch)
tree	45cfcde5a5ad36bf86c5d2d36b2944b90a6f2c8d
parent	7e2d436ff3338e42df5f31cf2aea4d0d19886b0c (diff)
parent	f475f6c0cf28f3b4c1ae677febb7590c70865f81 (diff)
download	frameworks_av-7d3be41436e91a1d79b3a38c651bcd0d2c221f6d.zip frameworks_av-7d3be41436e91a1d79b3a38c651bcd0d2c221f6d.tar.gz frameworks_av-7d3be41436e91a1d79b3a38c651bcd0d2c221f6d.tar.bz2