diff options
author | Wonsik Kim <wonsik@google.com> | 2015-09-16 22:40:45 +0000 |
---|---|---|
committer | Android Git Automerger <android-git-automerger@android.com> | 2015-09-16 22:40:45 +0000 |
commit | c259acce721bdc6095ae0d5d7b35aea24f2b68c7 (patch) | |
tree | eb3ab2aa78dcd8ad4347d5d9e7e932b1f66fc016 /media/libstagefright/foundation | |
parent | c53328a55427224dd42534d2b500728e38a83ca2 (diff) | |
parent | f7c401634ee821a9b04b068a7121cd5386a189f0 (diff) | |
download | frameworks_av-c259acce721bdc6095ae0d5d7b35aea24f2b68c7.zip frameworks_av-c259acce721bdc6095ae0d5d7b35aea24f2b68c7.tar.gz frameworks_av-c259acce721bdc6095ae0d5d7b35aea24f2b68c7.tar.bz2 |
am f7c40163: am 5f5fc26c: am 322e2dc5: Merge "Avoid size_t overflow in base64 decoding once again" into lmp-dev
* commit 'f7c401634ee821a9b04b068a7121cd5386a189f0':
Avoid size_t overflow in base64 decoding once again
Diffstat (limited to 'media/libstagefright/foundation')
-rw-r--r-- | media/libstagefright/foundation/base64.cpp | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/media/libstagefright/foundation/base64.cpp b/media/libstagefright/foundation/base64.cpp index dcf5bef..7da7db9 100644 --- a/media/libstagefright/foundation/base64.cpp +++ b/media/libstagefright/foundation/base64.cpp @@ -22,11 +22,11 @@ namespace android { sp<ABuffer> decodeBase64(const AString &s) { - if ((s.size() % 4) != 0) { + size_t n = s.size(); + if ((n % 4) != 0) { return NULL; } - size_t n = s.size(); size_t padding = 0; if (n >= 1 && s.c_str()[n - 1] == '=') { padding = 1; @@ -40,11 +40,16 @@ sp<ABuffer> decodeBase64(const AString &s) { } } - size_t outLen = 3 * s.size() / 4 - padding; + // We divide first to avoid overflow. It's OK to do this because we + // already made sure that n % 4 == 0. + size_t outLen = (n / 4) * 3 - padding; sp<ABuffer> buffer = new ABuffer(outLen); uint8_t *out = buffer->data(); + if (out == NULL || buffer->size() < outLen) { + return NULL; + } size_t j = 0; uint32_t accum = 0; for (size_t i = 0; i < n; ++i) { |