am 115e995c: resolved conflicts for merge of 1f44d837 to lmp-dev

* commit '115e995c6b3fe7ed33e2d5d88872cb87ab4e63f0': Fix integer overflow when handling MPEG4 tx3g atom
author: Wei Jia <wjia@google.com> 2015-06-06 01:15:20 +0000
committer: Android Git Automerger <android-git-automerger@android.com> 2015-06-06 01:15:20 +0000
commit: e6382cb0e9e3fcf730faac3be661c9facd939d49 (patch)
tree: f34f87a401e04ebfa5949a0fd7a0504504cd3159
parent: 0773dc374056f46ff2d98f6421e12365968ba423 (diff)
parent: 115e995c6b3fe7ed33e2d5d88872cb87ab4e63f0 (diff)
download: frameworks_av-e6382cb0e9e3fcf730faac3be661c9facd939d49.zip
frameworks_av-e6382cb0e9e3fcf730faac3be661c9facd939d49.tar.gz
frameworks_av-e6382cb0e9e3fcf730faac3be661c9facd939d49.tar.bz2
1 files changed, 4 insertions, 0 deletions
diff --git a/media/libstagefright/MPEG4Extractor.cpp b/media/libstagefright/MPEG4Extractor.cpp
index 5a86aac..00af00b 100644
--- a/media/libstagefright/MPEG4Extractor.cpp
+++ b/media/libstagefright/MPEG4Extractor.cpp
@@ -1890,6 +1890,10 @@ status_t MPEG4Extractor::parseChunk(off64_t *offset, int depth) {
                 size = 0;
             }
 
+            if (SIZE_MAX - chunk_size <= size) {
+                return ERROR_MALFORMED;
+            }
+
             uint8_t *buffer = new (std::nothrow) uint8_t[size + chunk_size];
             if (buffer == NULL) {
                 return ERROR_MALFORMED;
author	Wei Jia <wjia@google.com>	2015-06-06 01:15:20 +0000
committer	Android Git Automerger <android-git-automerger@android.com>	2015-06-06 01:15:20 +0000
commit	e6382cb0e9e3fcf730faac3be661c9facd939d49 (patch)
tree	f34f87a401e04ebfa5949a0fd7a0504504cd3159
parent	0773dc374056f46ff2d98f6421e12365968ba423 (diff)
parent	115e995c6b3fe7ed33e2d5d88872cb87ab4e63f0 (diff)
download	frameworks_av-e6382cb0e9e3fcf730faac3be661c9facd939d49.zip frameworks_av-e6382cb0e9e3fcf730faac3be661c9facd939d49.tar.gz frameworks_av-e6382cb0e9e3fcf730faac3be661c9facd939d49.tar.bz2