author | Chad Brubaker <cbrubaker@google.com> | 2015-08-24 16:37:57 -0700 |
---|---|---|
committer | Steve Kondik <steve@cyngn.com> | 2015-11-05 21:16:19 -0800 |
commit | de04a021142f832a859a83b7826aed391a8f1961 (patch) | |
tree | a614f6cba3045ab90536599af1c2c2638aa33a69 /media/libstagefright/OggExtractor.cpp | |
parent | f9e8f2fcaad04776a93bc659a9d9017011fcb085 (diff) | |
download | frameworks_av-de04a021142f832a859a83b7826aed391a8f1961.zip frameworks_av-de04a021142f832a859a83b7826aed391a8f1961.tar.gz frameworks_av-de04a021142f832a859a83b7826aed391a8f1961.tar.bz2 |
Fix benign unsigned overflow in OggExtractor
When computing mCurrentPageSamples it was possible to have a harmless
unsigned integer overflow during the conf pages leading to false
positives with fsanitize integer. To prevent the false positives clamp
the result to 0.
Bug: 23488745
Bug: 23110888
Change-Id: I0769cb4a915d45b00ea43f2abbefe9ee46165cc7
Diffstat (limited to 'media/libstagefright/OggExtractor.cpp')
-rw-r--r-- | media/libstagefright/OggExtractor.cpp | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/media/libstagefright/OggExtractor.cpp b/media/libstagefright/OggExtractor.cpp index 5c81f1a..d63ac96 100644 --- a/media/libstagefright/OggExtractor.cpp +++ b/media/libstagefright/OggExtractor.cpp @@ -774,8 +774,13 @@ status_t MyOggExtractor::_readNextPacket(MediaBuffer **out, bool calcVorbisTimes return n < 0 ? n : (status_t)ERROR_END_OF_STREAM; } - mCurrentPageSamples = - mCurrentPage.mGranulePosition - mPrevGranulePosition; + // Prevent a harmless unsigned integer overflow by clamping to 0 + if (mCurrentPage.mGranulePosition >= mPrevGranulePosition) { + mCurrentPageSamples = + mCurrentPage.mGranulePosition - mPrevGranulePosition; + } else { + mCurrentPageSamples = 0; + } mFirstPacketInPage = true; mPrevGranulePosition = mCurrentPage.mGranulePosition; |
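Review bot: The new else branch in _readNextPacket sets mCurrentPageSamples to 0 whenever mCurrentPage.mGranulePosition is below mPrevGranulePosition, not only on the configuration pages the commit message names, so a backwards granule position on any later page is now silently treated as a zero-sample page. The comment calls the overflow harmless without saying why; it would help to state there that the wrapped value was only produced during the configuration pages and is not consumed, and to confirm that no later use of mCurrentPageSamples depended on the wrapped difference rather than 0. Consider logging in the else branch (for example with ALOGV) so that a non-monotonic granule position in a data page stays visible instead of being masked by the clamp.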