diff options
author | Wonsik Kim <wonsik@google.com> | 2016-06-17 01:24:30 +0900 |
---|---|---|
committer | gitbuildkicker <android-build@google.com> | 2016-08-16 15:51:48 -0700 |
commit | e441275efea14a98d5a059328e660d9a08b13932 (patch) | |
tree | 164125c23826ccee945e26c93a3bdfb9a19a017c | |
parent | 10db5e094e4d7501ec277622dc29e714927dc588 (diff) | |
download | frameworks_av-e441275efea14a98d5a059328e660d9a08b13932.zip frameworks_av-e441275efea14a98d5a059328e660d9a08b13932.tar.gz frameworks_av-e441275efea14a98d5a059328e660d9a08b13932.tar.bz2 |
DO NOT MERGE stagefright: fix possible stack overflow in AVCC reassemble
Additionally, remove use of variable length array which is
non-standard in C++.
Bug: 29161888
Change-Id: Ifdc3e7435f2225214c053b13f3bfe71c7d0ff506
-rw-r--r-- | media/libstagefright/Utils.cpp | 28 |
1 files changed, 19 insertions, 9 deletions
diff --git a/media/libstagefright/Utils.cpp b/media/libstagefright/Utils.cpp index 17f0201..0d9dc3a 100644 --- a/media/libstagefright/Utils.cpp +++ b/media/libstagefright/Utils.cpp @@ -671,20 +671,30 @@ void convertMessageToMetaData(const sp<AMessage> &msg, sp<MetaData> &meta) { // reassemble the csd data into its original form sp<ABuffer> csd0; if (msg->findBuffer("csd-0", &csd0)) { + int csd0size = csd0->size(); if (mime == MEDIA_MIMETYPE_VIDEO_AVC) { sp<ABuffer> csd1; if (msg->findBuffer("csd-1", &csd1)) { - char avcc[1024]; // that oughta be enough, right? - size_t outsize = reassembleAVCC(csd0, csd1, avcc); - meta->setData(kKeyAVCC, kKeyAVCC, avcc, outsize); + Vector<char> avcc; + int avccSize = csd0size + csd1->size() + 1024; + if (avcc.resize(avccSize) < 0) { + ALOGE("error allocating avcc (size %d); abort setting avcc.", avccSize); + } else { + size_t outsize = reassembleAVCC(csd0, csd1, avcc.editArray()); + meta->setData(kKeyAVCC, kKeyAVCC, avcc.array(), outsize); + } } } else if (mime == MEDIA_MIMETYPE_AUDIO_AAC || mime == MEDIA_MIMETYPE_VIDEO_MPEG4) { - int csd0size = csd0->size(); - char esds[csd0size + 31]; - // The written ESDS is actually for an audio stream, but it's enough - // for transporting the CSD to muxers. - reassembleESDS(csd0, esds); - meta->setData(kKeyESDS, kKeyESDS, esds, sizeof(esds)); + Vector<char> esds; + int esdsSize = csd0size + 31; + if (esds.resize(esdsSize) < 0) { + ALOGE("error allocating esds (size %d); abort setting esds.", esdsSize); + } else { + // The written ESDS is actually for an audio stream, but it's enough + // for transporting the CSD to muxers. + reassembleESDS(csd0, esds.editArray()); + meta->setData(kKeyESDS, kKeyESDS, esds.array(), esds.size()); + } } } |