summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNick Kralevich <nnk@google.com>2015-04-11 00:15:26 +0000
committerAndroid Git Automerger <android-git-automerger@android.com>2015-04-11 00:15:26 +0000
commit8eae9223b61b9290b584dcbe634693964bac4bf8 (patch)
treed922546ec223bf6442467c9ef9efc6fc7d5646bc
parent7d62a9187bf217d32d1e3edc047285380ee30d2a (diff)
parenta05bd3c1cdff400ad92532b06d40ddc5c638c284 (diff)
downloadframeworks_av-8eae9223b61b9290b584dcbe634693964bac4bf8.zip
frameworks_av-8eae9223b61b9290b584dcbe634693964bac4bf8.tar.gz
frameworks_av-8eae9223b61b9290b584dcbe634693964bac4bf8.tar.bz2
am a05bd3c1: am 2f47bb53: am eb204f82: am b919a3a3: am 64290793: Merge "Fix integer underflow in ESDS processing" into klp-dev
* commit 'a05bd3c1cdff400ad92532b06d40ddc5c638c284': Fix integer underflow in ESDS processing
Diffstat
-rw-r--r--media/libstagefright/ESDS.cpp6
1 files changed, 6 insertions, 0 deletions
diff --git a/media/libstagefright/ESDS.cpp b/media/libstagefright/ESDS.cpp
index 427bf7b..8fbb57c 100644
--- a/media/libstagefright/ESDS.cpp
+++ b/media/libstagefright/ESDS.cpp
@@ -136,6 +136,8 @@ status_t ESDS::parseESDescriptor(size_t offset, size_t size) {
--size;
if (streamDependenceFlag) {
+ if (size < 2)
+ return ERROR_MALFORMED;
offset += 2;
size -= 2;
}
@@ -145,11 +147,15 @@ status_t ESDS::parseESDescriptor(size_t offset, size_t size) {
return ERROR_MALFORMED;
}
unsigned URLlength = mData[offset];
+ if (URLlength >= size)
+ return ERROR_MALFORMED;
offset += URLlength + 1;
size -= URLlength + 1;
}
if (OCRstreamFlag) {
+ if (size < 2)
+ return ERROR_MALFORMED;
offset += 2;
size -= 2;
generated by cgit v1.1 at 2024-05-15 20:43:48 +0000