diff options
author | Wonsik Kim <wonsik@google.com> | 2015-09-16 22:48:29 +0000 |
---|---|---|
committer | Android Git Automerger <android-git-automerger@android.com> | 2015-09-16 22:48:29 +0000 |
commit | fd92e4d3e9648c520dc289f951dc7527a0424f38 (patch) | |
tree | 49012b5af19c50330af2040167769305d3dca14d /media/libstagefright/foundation | |
parent | 421977ae5117403dd481424fab48850d31f239e8 (diff) | |
parent | c259acce721bdc6095ae0d5d7b35aea24f2b68c7 (diff) | |
download | frameworks_av-fd92e4d3e9648c520dc289f951dc7527a0424f38.zip frameworks_av-fd92e4d3e9648c520dc289f951dc7527a0424f38.tar.gz frameworks_av-fd92e4d3e9648c520dc289f951dc7527a0424f38.tar.bz2 |
am c259acce: am f7c40163: am 5f5fc26c: am 322e2dc5: Merge "Avoid size_t overflow in base64 decoding once again" into lmp-dev
* commit 'c259acce721bdc6095ae0d5d7b35aea24f2b68c7':
Avoid size_t overflow in base64 decoding once again
Diffstat (limited to 'media/libstagefright/foundation')
-rw-r--r-- | media/libstagefright/foundation/base64.cpp | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/media/libstagefright/foundation/base64.cpp b/media/libstagefright/foundation/base64.cpp index dcf5bef..7da7db9 100644 --- a/media/libstagefright/foundation/base64.cpp +++ b/media/libstagefright/foundation/base64.cpp @@ -22,11 +22,11 @@ namespace android { sp<ABuffer> decodeBase64(const AString &s) { - if ((s.size() % 4) != 0) { + size_t n = s.size(); + if ((n % 4) != 0) { return NULL; } - size_t n = s.size(); size_t padding = 0; if (n >= 1 && s.c_str()[n - 1] == '=') { padding = 1; @@ -40,11 +40,16 @@ sp<ABuffer> decodeBase64(const AString &s) { } } - size_t outLen = 3 * s.size() / 4 - padding; + // We divide first to avoid overflow. It's OK to do this because we + // already made sure that n % 4 == 0. + size_t outLen = (n / 4) * 3 - padding; sp<ABuffer> buffer = new ABuffer(outLen); uint8_t *out = buffer->data(); + if (out == NULL || buffer->size() < outLen) { + return NULL; + } size_t j = 0; uint32_t accum = 0; for (size_t i = 0; i < n; ++i) { |