frameworks_av.git - frameworks/av

diff options

author	Ray Essick <essick@google.com>	2016-11-02 14:17:57 -0700
committer	mh0rst <mhorst@tzi.de>	2017-01-13 11:50:13 +0100
commit	8dea6a22058328109dc1fcb7450ca5553f35b4df (patch)
tree	0b2fe97c99c02823400ed55207cf739fd10c5aa8 /CleanSpec.mk
parent	621ca73010f3954566b27c6554ce992cc6069670 (diff)
download	frameworks_av-8dea6a22058328109dc1fcb7450ca5553f35b4df.zip frameworks_av-8dea6a22058328109dc1fcb7450ca5553f35b4df.tar.gz frameworks_av-8dea6a22058328109dc1fcb7450ca5553f35b4df.tar.bz2

DO NOT MERGE: defensive parsing of mp3 album art information

several points in stagefrights mp3 album art code used strlen() to parse user-supplied strings that may be unterminated, resulting in reading beyond the end of a buffer. This changes the code to use strnlen() for 8-bit encodings and strengthens the parsing of 16-bit encodings similarly. It also reworks how we watch for the end-of-buffer to avoid all over-reads. Bug: 32377688 Test: crafted mp3's w/ good/bad cover art. See what showed in play music Change-Id: Ia9f526d71b21ef6a61acacf616b573753cd21df6 (cherry picked from commit fa0806b594e98f1aed3ebcfc6a801b4c0056f9eb) (cherry picked from commit 7a3246b870ddd11861eda2ab458b11d723c7f62c)

Diffstat (limited to 'CleanSpec.mk')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: