Squashed commit of the following:

commit 0014ab17f2e0986044327a5ab22159de50b81e0a
Author: Andreas Huber <andih@google.com>
Date:   Thu Jan 14 14:05:09 2010 -0800

    Another instance of returning an error instead of asserting makes sense.

commit d2cac8c498a65b449a25ec216601830d23c165e7
Author: Andreas Huber <andih@google.com>
Date:   Thu Jan 14 13:34:33 2010 -0800

    Instead of asserting on invalid data (incomplete NAL unit), return an error.

1 files changed, 15 insertions, 2 deletions

diff --git a/media/libstagefright/MPEG4Extractor.cpp b/media/libstagefright/MPEG4Extractor.cpp
index 9e7f1c7..07a5a82 100644
--- a/media/libstagefright/MPEG4Extractor.cpp
+++ b/media/libstagefright/MPEG4Extractor.cpp
@@ -984,7 +984,14 @@ status_t MPEG4Source::read(
             (const uint8_t *)mBuffer->data() + mBuffer->range_offset();
 
         size_t nal_size = parseNALSize(src);
-        CHECK(mBuffer->range_length() >= mNALLengthSize + nal_size);
+        if (mBuffer->range_length() < mNALLengthSize + nal_size) {
+            LOGE("incomplete NAL unit.");
+
+            mBuffer->release();
+            mBuffer = NULL;
+
+            return ERROR_MALFORMED;
+        }
 
         MediaBuffer *clone = mBuffer->clone();
         clone->set_range(mBuffer->range_offset() + mNALLengthSize, nal_size);
@@ -1023,7 +1030,13 @@ status_t MPEG4Source::read(
             CHECK(srcOffset + mNALLengthSize <= size);
             size_t nalLength = parseNALSize(&mSrcBuffer[srcOffset]);
             srcOffset += mNALLengthSize;
-            CHECK(srcOffset + nalLength <= size);
+
+            if (srcOffset + nalLength > size) {
+                mBuffer->release();
+                mBuffer = NULL;
+
+                return ERROR_MALFORMED;
+            }
 
             if (nalLength == 0) {
                 continue;