diff options
| author | Wonsik Kim <wonsik@google.com> | 2015-09-16 22:33:10 +0000 |
|---|---|---|
| committer | Android Git Automerger <android-git-automerger@android.com> | 2015-09-16 22:33:10 +0000 |
| commit | f7c401634ee821a9b04b068a7121cd5386a189f0 (patch) | |
| tree | eb3ab2aa78dcd8ad4347d5d9e7e932b1f66fc016 /media/libstagefright/foundation | |
| parent | 67f36a8e6130f5c22ab177b0d29f5705e86daca2 (diff) | |
| parent | 5f5fc26cfb4f8db965d6ded855ce60ee87ff90ac (diff) | |
| download | frameworks_av-f7c401634ee821a9b04b068a7121cd5386a189f0.zip frameworks_av-f7c401634ee821a9b04b068a7121cd5386a189f0.tar.gz frameworks_av-f7c401634ee821a9b04b068a7121cd5386a189f0.tar.bz2 | |
am 5f5fc26c: am 322e2dc5: Merge "Avoid size_t overflow in base64 decoding once again" into lmp-dev
* commit '5f5fc26cfb4f8db965d6ded855ce60ee87ff90ac':
Avoid size_t overflow in base64 decoding once again
Diffstat (limited to 'media/libstagefright/foundation')
| -rw-r--r-- | media/libstagefright/foundation/base64.cpp | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/media/libstagefright/foundation/base64.cpp b/media/libstagefright/foundation/base64.cpp index dcf5bef..7da7db9 100644 --- a/media/libstagefright/foundation/base64.cpp +++ b/media/libstagefright/foundation/base64.cpp @@ -22,11 +22,11 @@ namespace android { sp<ABuffer> decodeBase64(const AString &s) { - if ((s.size() % 4) != 0) { + size_t n = s.size(); + if ((n % 4) != 0) { return NULL; } - size_t n = s.size(); size_t padding = 0; if (n >= 1 && s.c_str()[n - 1] == '=') { padding = 1; @@ -40,11 +40,16 @@ sp<ABuffer> decodeBase64(const AString &s) { } } - size_t outLen = 3 * s.size() / 4 - padding; + // We divide first to avoid overflow. It's OK to do this because we + // already made sure that n % 4 == 0. + size_t outLen = (n / 4) * 3 - padding; sp<ABuffer> buffer = new ABuffer(outLen); uint8_t *out = buffer->data(); + if (out == NULL || buffer->size() < outLen) { + return NULL; + } size_t j = 0; uint32_t accum = 0; for (size_t i = 0; i < n; ++i) { |