summaryrefslogtreecommitdiffstats
path: root/media/libstagefright/SampleIterator.cpp
diff options
context:
space:
mode:
authorChad Brubaker <cbrubaker@google.com>2015-10-09 12:06:41 -0700
committerSteve Kondik <steve@cyngn.com>2015-11-05 21:16:19 -0800
commit3e6ed1fd2d0e7bf45c1c97bc07db3905a3334f5d (patch)
tree6f6a9c5f27af71d5d5dfd14530bbfbe0dee9cfd8 /media/libstagefright/SampleIterator.cpp
parent60c41651b3147d4e70ad630ba0007f582d3823a1 (diff)
downloadframeworks_av-3e6ed1fd2d0e7bf45c1c97bc07db3905a3334f5d.zip
frameworks_av-3e6ed1fd2d0e7bf45c1c97bc07db3905a3334f5d.tar.gz
frameworks_av-3e6ed1fd2d0e7bf45c1c97bc07db3905a3334f5d.tar.bz2
Fix benign overflow in SampleIterator
Bug:24807954 Change-Id: I83fe1990408c5f1da7cf46ff2a2cafb96b3e8cdd
Diffstat (limited to 'media/libstagefright/SampleIterator.cpp')
-rw-r--r--media/libstagefright/SampleIterator.cpp7
1 files changed, 7 insertions, 0 deletions
diff --git a/media/libstagefright/SampleIterator.cpp b/media/libstagefright/SampleIterator.cpp
index 2748349..032bbb9 100644
--- a/media/libstagefright/SampleIterator.cpp
+++ b/media/libstagefright/SampleIterator.cpp
@@ -166,6 +166,13 @@ status_t SampleIterator::findChunkRange(uint32_t sampleIndex) {
if (mSampleToChunkIndex + 1 < mTable->mNumSampleToChunkOffsets) {
mStopChunk = entry[1].startChunk;
+ if (mStopChunk < mFirstChunk ||
+ (mStopChunk - mFirstChunk) > UINT32_MAX / mSamplesPerChunk ||
+ ((mStopChunk - mFirstChunk) * mSamplesPerChunk >
+ UINT32_MAX - mFirstChunkSampleIndex)) {
+
+ return ERROR_OUT_OF_RANGE;
+ }
mStopChunkSampleIndex =
mFirstChunkSampleIndex
+ (mStopChunk - mFirstChunk) * mSamplesPerChunk;
generated by cgit v1.1 at 2024-05-14 19:34:50 +0000