summaryrefslogtreecommitdiffstats
path: root/media/libstagefright/foundation
diff options
context:
space:
mode:
authorWonsik Kim <wonsik@google.com>2015-09-07 15:52:27 +0900
committerWonsik Kim <wonsik@google.com>2015-09-18 14:20:15 +0900
commit12d4a6a2636f41d1ee1bc10a23df13ce09efbff6 (patch)
tree05f56e70007b9fdd0df14a7f72e69c755ea33df8 /media/libstagefright/foundation
parentdffe5cdb436987a65a9010460979507c06b5c904 (diff)
downloadframeworks_av-12d4a6a2636f41d1ee1bc10a23df13ce09efbff6.zip
frameworks_av-12d4a6a2636f41d1ee1bc10a23df13ce09efbff6.tar.gz
frameworks_av-12d4a6a2636f41d1ee1bc10a23df13ce09efbff6.tar.bz2
DO NOT MERGE Avoid size_t overflow in base64 decoding once again
Switch to foundation base64 function in OggExtractor and fix the issue there. Bug: 23707088 Change-Id: If8ba3347c213fe7a36668c943ed264f2871ad468
Diffstat (limited to 'media/libstagefright/foundation')
-rw-r--r--media/libstagefright/foundation/base64.cpp11
1 files changed, 8 insertions, 3 deletions
diff --git a/media/libstagefright/foundation/base64.cpp b/media/libstagefright/foundation/base64.cpp
index dcf5bef..7da7db9 100644
--- a/media/libstagefright/foundation/base64.cpp
+++ b/media/libstagefright/foundation/base64.cpp
@@ -22,11 +22,11 @@
namespace android {
sp<ABuffer> decodeBase64(const AString &s) {
- if ((s.size() % 4) != 0) {
+ size_t n = s.size();
+ if ((n % 4) != 0) {
return NULL;
}
- size_t n = s.size();
size_t padding = 0;
if (n >= 1 && s.c_str()[n - 1] == '=') {
padding = 1;
@@ -40,11 +40,16 @@ sp<ABuffer> decodeBase64(const AString &s) {
}
}
- size_t outLen = 3 * s.size() / 4 - padding;
+ // We divide first to avoid overflow. It's OK to do this because we
+ // already made sure that n % 4 == 0.
+ size_t outLen = (n / 4) * 3 - padding;
sp<ABuffer> buffer = new ABuffer(outLen);
uint8_t *out = buffer->data();
+ if (out == NULL || buffer->size() < outLen) {
+ return NULL;
+ }
size_t j = 0;
uint32_t accum = 0;
for (size_t i = 0; i < n; ++i) {
generated by cgit v1.1 at 2024-05-13 21:47:42 +0000