frameworks_av.git - frameworks/av

diff options

author	Joshua J. Drake <android-open-source@qoop.org>	2015-05-04 17:14:11 -0500
committer	Paul Kocialkowski <contact@paulk.fr>	2015-08-31 00:22:02 +0200
commit	28f82bc8d580a1e7ab2814cd0f75b47d42b2066c (patch)
tree	f72ba2589ee68e17338a0863fd772ab598a461ac /media/libstagefright/QCUtilityClass.cpp
parent	ec6cff83536f54f1270a335e373caad76bdb8aa7 (diff)
download	frameworks_av-28f82bc8d580a1e7ab2814cd0f75b47d42b2066c.zip frameworks_av-28f82bc8d580a1e7ab2814cd0f75b47d42b2066c.tar.gz frameworks_av-28f82bc8d580a1e7ab2814cd0f75b47d42b2066c.tar.bz2

Fix integer underflow in covr MPEG4 processing

When the 'chunk_data_size' variable is less than 'kSkipBytesOfDataBox', an integer underflow can occur. This causes an extraordinarily large value to be passed to MetaData::setData, leading to a buffer overflow. Bug: 20923261 Change-Id: Icd28f63594ad941eabb3a12c750a4a2d5d2bf94b Signed-off-by: Joshua J. Drake <android-open-source@qoop.org> Tested-by: Moritz Bandemer <replicant@posteo.mx>

Diffstat (limited to 'media/libstagefright/QCUtilityClass.cpp')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: