authorChad Brubaker <cbrubaker@google.com>2015-08-24 16:37:57 -0700
committerSteve Kondik <steve@cyngn.com>2015-11-05 21:16:19 -0800
commitde04a021142f832a859a83b7826aed391a8f1961 (patch)
treea614f6cba3045ab90536599af1c2c2638aa33a69 /media/libstagefright/OggExtractor.cpp
parentf9e8f2fcaad04776a93bc659a9d9017011fcb085 (diff)
Fix benign unsigned overflow in OggExtractor
When computing mCurrentPageSamples it was possible to have a harmless unsigned integer overflow during the conf pages, leading to false positives with fsanitize integer. To prevent the false positives, clamp the result to 0.

Bug: 23488745
Bug: 23110888
Change-Id: I0769cb4a915d45b00ea43f2abbefe9ee46165cc7
Diffstat (limited to 'media/libstagefright/OggExtractor.cpp')
-rw-r--r--media/libstagefright/OggExtractor.cpp9
1 files changed, 7 insertions, 2 deletions
diff --git a/media/libstagefright/OggExtractor.cpp b/media/libstagefright/OggExtractor.cpp
index 5c81f1a..d63ac96 100644
--- a/media/libstagefright/OggExtractor.cpp
+++ b/media/libstagefright/OggExtractor.cpp
@@ -774,8 +774,13 @@ status_t MyOggExtractor::_readNextPacket(MediaBuffer **out, bool calcVorbisTimes
return n < 0 ? n : (status_t)ERROR_END_OF_STREAM;
}
- mCurrentPageSamples =
- mCurrentPage.mGranulePosition - mPrevGranulePosition;
+ // Prevent a harmless unsigned integer overflow by clamping to 0
+ if (mCurrentPage.mGranulePosition >= mPrevGranulePosition) {
+ mCurrentPageSamples =
+ mCurrentPage.mGranulePosition - mPrevGranulePosition;
+ } else {
+ mCurrentPageSamples = 0;
+ }
mFirstPacketInPage = true;
mPrevGranulePosition = mCurrentPage.mGranulePosition;
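Review bot: The new comment above the clamp calls the overflow harmless without saying why, and the else branch silently accepts a page whose granule position is lower than the previous one, a value that is read from the media file. I would put the reason in the comment, e.g. `// Granule position is file-supplied; a page below the previous position (seen on the conf pages) counts as 0 samples`, and consider an `ALOGV` in the else branch so a stream with regressing positions is visible when debugging. mPrevGranulePosition is still overwritten with the lower value right after the clamp, so the next page's delta is measured from it; it is worth confirming that the consumers of mCurrentPageSamples tolerate both the 0 and the following larger count. _readNextPacket begins and ends outside this hunk and the field declarations are not visible, so the widths of these members could not be checked here.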