diff options
| author | Wei Jia <wjia@google.com> | 2014-12-04 05:22:24 +0000 |
|---|---|---|
| committer | Android (Google) Code Review <android-gerrit@google.com> | 2014-12-04 05:22:25 +0000 |
| commit | 814cbb4e33396fce559475270d6f6c0bd7c43fc5 (patch) | |
| tree | 050dac9b8386db6b656f2153b328c663195caf42 | |
| parent | 18f2f90cff65c384a4e8292cc3296dafafb43d52 (diff) | |
| parent | 4d23645c8d3d93c91967a5494473b4a8b5d10d9c (diff) | |
| download | frameworks_av-814cbb4e33396fce559475270d6f6c0bd7c43fc5.zip frameworks_av-814cbb4e33396fce559475270d6f6c0bd7c43fc5.tar.gz frameworks_av-814cbb4e33396fce559475270d6f6c0bd7c43fc5.tar.bz2 | |
Merge "ESQueue: add frame length checking in validation of ADTS header." into lmp-mr1-dev
| -rw-r--r-- | media/libstagefright/mpeg2ts/ESQueue.cpp | 23 |
1 files changed, 19 insertions, 4 deletions
diff --git a/media/libstagefright/mpeg2ts/ESQueue.cpp b/media/libstagefright/mpeg2ts/ESQueue.cpp index ef1cd3d..db5d23e 100644 --- a/media/libstagefright/mpeg2ts/ESQueue.cpp +++ b/media/libstagefright/mpeg2ts/ESQueue.cpp @@ -173,8 +173,9 @@ static bool IsSeeminglyValidAC3Header(const uint8_t *ptr, size_t size) { return parseAC3SyncFrame(ptr, size, NULL) > 0; } -static bool IsSeeminglyValidADTSHeader(const uint8_t *ptr, size_t size) { - if (size < 3) { +static bool IsSeeminglyValidADTSHeader( + const uint8_t *ptr, size_t size, size_t *frameLength) { + if (size < 7) { // Not enough data to verify header. return false; } @@ -197,6 +198,13 @@ static bool IsSeeminglyValidADTSHeader(const uint8_t *ptr, size_t size) { return false; } + size_t frameLengthInHeader = + ((ptr[3] & 3) << 11) + (ptr[4] << 3) + ((ptr[5] >> 5) & 7); + if (frameLengthInHeader > size) { + return false; + } + + *frameLength = frameLengthInHeader; return true; } @@ -318,8 +326,10 @@ status_t ElementaryStreamQueue::appendData( } #else ssize_t startOffset = -1; + size_t frameLength; for (size_t i = 0; i < size; ++i) { - if (IsSeeminglyValidADTSHeader(&ptr[i], size - i)) { + if (IsSeeminglyValidADTSHeader( + &ptr[i], size - i, &frameLength)) { startOffset = i; break; } @@ -335,8 +345,13 @@ status_t ElementaryStreamQueue::appendData( startOffset); } + if (frameLength != size - startOffset) { + ALOGW("got ADTS AAC frame length %zd instead of %zd", + frameLength, size - startOffset); + } + data = &ptr[startOffset]; - size -= startOffset; + size = frameLength; #endif break; } |