Properly identify malformed (too short) chunks in mpeg4 files.

Change-Id: Id2efb1bba195c4ad6f132cd706cc813135ead8a4
author: Andreas Huber <andih@google.com> 2010-06-24 12:16:25 -0700
committer: Andreas Huber <andih@google.com> 2010-06-24 12:16:25 -0700
commit: 71b1a4e975dfb65660a0119b9d6bf6db77eca09e (patch)
tree: acf6471ccd55b33d4ee1625503cf296e80b8db4b /media/libstagefright/MPEG4Extractor.cpp
parent: 7bf4fab9e5590d345b93b559f35b2fb0f6b17ca8 (diff)
download: frameworks_av-71b1a4e975dfb65660a0119b9d6bf6db77eca09e.zip
frameworks_av-71b1a4e975dfb65660a0119b9d6bf6db77eca09e.tar.gz
frameworks_av-71b1a4e975dfb65660a0119b9d6bf6db77eca09e.tar.bz2
1 files changed, 8 insertions, 0 deletions
diff --git a/media/libstagefright/MPEG4Extractor.cpp b/media/libstagefright/MPEG4Extractor.cpp
index 3639db4..0c2f1e6 100644
--- a/media/libstagefright/MPEG4Extractor.cpp
+++ b/media/libstagefright/MPEG4Extractor.cpp
@@ -428,6 +428,14 @@ status_t MPEG4Extractor::parseChunk(off_t *offset, int depth) {
         }
         chunk_size = ntoh64(chunk_size);
         data_offset += 8;
+
+        if (chunk_size < 16) {
+            // The smallest valid chunk is 16 bytes long in this case.
+            return ERROR_MALFORMED;
+        }
+    } else if (chunk_size < 8) {
+        // The smallest valid chunk is 8 bytes long.
+        return ERROR_MALFORMED;
     }
 
     char chunk[5];
author	Andreas Huber <andih@google.com>	2010-06-24 12:16:25 -0700
committer	Andreas Huber <andih@google.com>	2010-06-24 12:16:25 -0700
commit	71b1a4e975dfb65660a0119b9d6bf6db77eca09e (patch)
tree	acf6471ccd55b33d4ee1625503cf296e80b8db4b /media/libstagefright/MPEG4Extractor.cpp
parent	7bf4fab9e5590d345b93b559f35b2fb0f6b17ca8 (diff)
download	frameworks_av-71b1a4e975dfb65660a0119b9d6bf6db77eca09e.zip frameworks_av-71b1a4e975dfb65660a0119b9d6bf6db77eca09e.tar.gz frameworks_av-71b1a4e975dfb65660a0119b9d6bf6db77eca09e.tar.bz2