diff options
| author | Joshua J. Drake <android-open-source@qoop.org> | 2015-06-12 16:29:17 +0000 |
|---|---|---|
| committer | Android Git Automerger <android-git-automerger@android.com> | 2015-06-12 16:29:17 +0000 |
| commit | acf52af62fcf14d18e4a557319a7307b7ed02c94 (patch) | |
| tree | 634d2a0e4a394f40e3d1c9ef1e981659c74eebfa | |
| parent | 09fec7c14b3eeba465b1f382f71a88540008a3b5 (diff) | |
| parent | a2a912a71e97b92edd7a73452587e0897026ec1e (diff) | |
| download | frameworks_av-acf52af62fcf14d18e4a557319a7307b7ed02c94.zip frameworks_av-acf52af62fcf14d18e4a557319a7307b7ed02c94.tar.gz frameworks_av-acf52af62fcf14d18e4a557319a7307b7ed02c94.tar.bz2 | |
am a2a912a7: am cacf9084: am 534ab954: am 10441a6f: am f02c5c9e: am 4d8ed149: Prevent integer underflow if size is below 6
* commit 'a2a912a71e97b92edd7a73452587e0897026ec1e':
Prevent integer underflow if size is below 6
| -rw-r--r-- | media/libstagefright/MPEG4Extractor.cpp | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/media/libstagefright/MPEG4Extractor.cpp b/media/libstagefright/MPEG4Extractor.cpp index 8b9def8..bb08513 100644 --- a/media/libstagefright/MPEG4Extractor.cpp +++ b/media/libstagefright/MPEG4Extractor.cpp @@ -2476,6 +2476,10 @@ status_t MPEG4Extractor::parse3GPPMetaData(off64_t offset, size_t size, int dept int len16 = 0; // Number of UTF-16 characters // smallest possible valid UTF-16 string w BOM: 0xfe 0xff 0x00 0x00 + if (size < 6) { + return ERROR_MALFORMED; + } + if (size - 6 >= 4) { len16 = ((size - 6) / 2) - 1; // don't include 0x0000 terminator framedata = (char16_t *)(buffer + 6); |