diff options
author | Andreas Huber <andih@google.com> | 2010-01-14 14:13:15 -0800 |
---|---|---|
committer | Andreas Huber <andih@google.com> | 2010-01-14 14:13:15 -0800 |
commit | e8a084958c27327b0aca749f69095605d2a21309 (patch) | |
tree | 09d2403b93698c6c1dafff697f1293a37b20f6cf /media/libstagefright/MPEG4Extractor.cpp | |
parent | 7be6407f2ad7f2b0782d195d9f792072c084d6f5 (diff) | |
download | frameworks_av-e8a084958c27327b0aca749f69095605d2a21309.zip frameworks_av-e8a084958c27327b0aca749f69095605d2a21309.tar.gz frameworks_av-e8a084958c27327b0aca749f69095605d2a21309.tar.bz2 |
Squashed commit of the following:
commit 0014ab17f2e0986044327a5ab22159de50b81e0a
Author: Andreas Huber <andih@google.com>
Date: Thu Jan 14 14:05:09 2010 -0800
Another instance of returning an error instead of asserting makes sense.
commit d2cac8c498a65b449a25ec216601830d23c165e7
Author: Andreas Huber <andih@google.com>
Date: Thu Jan 14 13:34:33 2010 -0800
Instead of asserting on invalid data (incomplete NAL unit), return an error.
Diffstat (limited to 'media/libstagefright/MPEG4Extractor.cpp')
-rw-r--r-- | media/libstagefright/MPEG4Extractor.cpp | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/media/libstagefright/MPEG4Extractor.cpp b/media/libstagefright/MPEG4Extractor.cpp index 9e7f1c7..07a5a82 100644 --- a/media/libstagefright/MPEG4Extractor.cpp +++ b/media/libstagefright/MPEG4Extractor.cpp @@ -984,7 +984,14 @@ status_t MPEG4Source::read( (const uint8_t *)mBuffer->data() + mBuffer->range_offset(); size_t nal_size = parseNALSize(src); - CHECK(mBuffer->range_length() >= mNALLengthSize + nal_size); + if (mBuffer->range_length() < mNALLengthSize + nal_size) { + LOGE("incomplete NAL unit."); + + mBuffer->release(); + mBuffer = NULL; + + return ERROR_MALFORMED; + } MediaBuffer *clone = mBuffer->clone(); clone->set_range(mBuffer->range_offset() + mNALLengthSize, nal_size); @@ -1023,7 +1030,13 @@ status_t MPEG4Source::read( CHECK(srcOffset + mNALLengthSize <= size); size_t nalLength = parseNALSize(&mSrcBuffer[srcOffset]); srcOffset += mNALLengthSize; - CHECK(srcOffset + nalLength <= size); + + if (srcOffset + nalLength > size) { + mBuffer->release(); + mBuffer = NULL; + + return ERROR_MALFORMED; + } if (nalLength == 0) { continue; |