diff options
| author | Robert Shih <robertshih@google.com> | 2015-07-20 22:56:08 +0000 |
|---|---|---|
| committer | Android (Google) Code Review <android-gerrit@google.com> | 2015-07-20 22:56:08 +0000 |
| commit | 84e4987ffc8d4bb6731bcb28d69a7ff37a0e9921 (patch) | |
| tree | bbc293885a0d23d95d5e11adff7bb288d71f0ff3 | |
| parent | 40c33635760fe9d5bd3df1f347381bdc215805db (diff) | |
| parent | 2dcf6138ebc9c5688aeae151d2fbde55a2826128 (diff) | |
| download | frameworks_av-84e4987ffc8d4bb6731bcb28d69a7ff37a0e9921.zip frameworks_av-84e4987ffc8d4bb6731bcb28d69a7ff37a0e9921.tar.gz frameworks_av-84e4987ffc8d4bb6731bcb28d69a7ff37a0e9921.tar.bz2 | |
Merge "MatroskaExtractor: detect infinite loop when parsing NALs" into mnc-dev
| -rw-r--r-- | media/libstagefright/matroska/MatroskaExtractor.cpp | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/media/libstagefright/matroska/MatroskaExtractor.cpp b/media/libstagefright/matroska/MatroskaExtractor.cpp index 70d2c69..e8bd432 100644 --- a/media/libstagefright/matroska/MatroskaExtractor.cpp +++ b/media/libstagefright/matroska/MatroskaExtractor.cpp @@ -21,6 +21,7 @@ #include "MatroskaExtractor.h" #include <media/stagefright/foundation/ADebug.h> +#include <media/stagefright/foundation/AUtils.h> #include <media/stagefright/foundation/hexdump.h> #include <media/stagefright/DataSource.h> #include <media/stagefright/MediaBuffer.h> @@ -620,7 +621,12 @@ status_t MatroskaSource::read( TRESPASS(); } - if (srcOffset + mNALSizeLen + NALsize > srcSize) { + if (srcOffset + mNALSizeLen + NALsize <= srcOffset + mNALSizeLen) { + frame->release(); + frame = NULL; + + return ERROR_MALFORMED; + } else if (srcOffset + mNALSizeLen + NALsize > srcSize) { break; } |