diff options
author | Andreas Huber <andih@google.com> | 2010-06-24 12:16:25 -0700 |
---|---|---|
committer | Andreas Huber <andih@google.com> | 2010-06-24 12:16:25 -0700 |
commit | 71b1a4e975dfb65660a0119b9d6bf6db77eca09e (patch) | |
tree | acf6471ccd55b33d4ee1625503cf296e80b8db4b /media/libstagefright/MPEG4Extractor.cpp | |
parent | 7bf4fab9e5590d345b93b559f35b2fb0f6b17ca8 (diff) | |
download | frameworks_av-71b1a4e975dfb65660a0119b9d6bf6db77eca09e.zip frameworks_av-71b1a4e975dfb65660a0119b9d6bf6db77eca09e.tar.gz frameworks_av-71b1a4e975dfb65660a0119b9d6bf6db77eca09e.tar.bz2 |
Properly identify malformed (too short) chunks in mpeg4 files.
Change-Id: Id2efb1bba195c4ad6f132cd706cc813135ead8a4
Diffstat (limited to 'media/libstagefright/MPEG4Extractor.cpp')
-rw-r--r-- | media/libstagefright/MPEG4Extractor.cpp | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/media/libstagefright/MPEG4Extractor.cpp b/media/libstagefright/MPEG4Extractor.cpp index 3639db4..0c2f1e6 100644 --- a/media/libstagefright/MPEG4Extractor.cpp +++ b/media/libstagefright/MPEG4Extractor.cpp @@ -428,6 +428,14 @@ status_t MPEG4Extractor::parseChunk(off_t *offset, int depth) { } chunk_size = ntoh64(chunk_size); data_offset += 8; + + if (chunk_size < 16) { + // The smallest valid chunk is 16 bytes long in this case. + return ERROR_MALFORMED; + } + } else if (chunk_size < 8) { + // The smallest valid chunk is 8 bytes long. + return ERROR_MALFORMED; } char chunk[5]; |