summaryrefslogtreecommitdiffstats
path: root/media/libstagefright/MPEG4Extractor.cpp
diff options
context:
space:
mode:
authorMarco Nelissen <marcone@google.com>2015-07-24 09:18:36 -0700
committerAbhishek Arya <aarya@google.com>2015-08-15 00:00:05 +0000
commit073e4f6748f5d7deb095c42fad9271cb99e22d07 (patch)
tree41d8d9bfdb5e08c6bcb35f399634dfa9fea6b64a /media/libstagefright/MPEG4Extractor.cpp
parent3ce293842fed1b3abd2ff0aecd2a0c70a55086ee (diff)
downloadframeworks_av-073e4f6748f5d7deb095c42fad9271cb99e22d07.zip
frameworks_av-073e4f6748f5d7deb095c42fad9271cb99e22d07.tar.gz
frameworks_av-073e4f6748f5d7deb095c42fad9271cb99e22d07.tar.bz2
Check vector size before accessing
Bug: 22388975 Change-Id: I3c157b1029d37f6a22e6302ea7b52077fe27ce53 (cherry picked from commit 529c595b083f8a4c3175e2350fba5547e6008e00)
Diffstat (limited to 'media/libstagefright/MPEG4Extractor.cpp')
-rw-r--r--media/libstagefright/MPEG4Extractor.cpp9
1 files changed, 9 insertions, 0 deletions
diff --git a/media/libstagefright/MPEG4Extractor.cpp b/media/libstagefright/MPEG4Extractor.cpp
index 56bd875..618d522 100644
--- a/media/libstagefright/MPEG4Extractor.cpp
+++ b/media/libstagefright/MPEG4Extractor.cpp
@@ -2747,8 +2747,17 @@ status_t MPEG4Source::parseSampleAuxiliaryInformationOffsets(off64_t offset, off
int ivlength;
CHECK(mFormat->findInt32(kKeyCryptoDefaultIVSize, &ivlength));
+ // only 0, 8 and 16 byte initialization vectors are supported
+ if (ivlength != 0 && ivlength != 8 && ivlength != 16) {
+ ALOGW("unsupported IV length: %d", ivlength);
+ return ERROR_MALFORMED;
+ }
// read CencSampleAuxiliaryDataFormats
for (size_t i = 0; i < mCurrentSampleInfoCount; i++) {
+ if (i >= mCurrentSamples.size()) {
+ ALOGW("too few samples");
+ break;
+ }
Sample *smpl = &mCurrentSamples.editItemAt(i);
memset(smpl->iv, 0, 16);
generated by cgit v1.1 at 2024-05-18 00:47:02 +0000