summaryrefslogtreecommitdiffstats
path: root/media/libstagefright/httplive
diff options
context:
space:
mode:
authorRobert Shih <robertshih@google.com>2014-02-07 12:26:58 -0800
committerRobert Shih <robertshih@google.com>2014-03-04 14:10:19 -0800
commitbdc0609f8133517b8e051938ad66bac750be90b4 (patch)
tree61d4f2d63af0fc0db75b405c02e683424189a7f5 /media/libstagefright/httplive
parentb4350af65dd66ed57f1ff79b1b426507f0e73b7b (diff)
downloadframeworks_av-bdc0609f8133517b8e051938ad66bac750be90b4.zip
frameworks_av-bdc0609f8133517b8e051938ad66bac750be90b4.tar.gz
frameworks_av-bdc0609f8133517b8e051938ad66bac750be90b4.tar.bz2
PlaylistFetcher: fix infinite loop when parsing ADTS.
First check for embedded ID3 tag, then bail out if invalid. Bug: 12934795 Change-Id: I74acebed4bfb2c6ca44dfe936166fdba8510233f
Diffstat (limited to 'media/libstagefright/httplive')
-rw-r--r--media/libstagefright/httplive/PlaylistFetcher.cpp12
1 files changed, 12 insertions, 0 deletions
diff --git a/media/libstagefright/httplive/PlaylistFetcher.cpp b/media/libstagefright/httplive/PlaylistFetcher.cpp
index 1a02e85..2649705 100644
--- a/media/libstagefright/httplive/PlaylistFetcher.cpp
+++ b/media/libstagefright/httplive/PlaylistFetcher.cpp
@@ -1220,6 +1220,18 @@ status_t PlaylistFetcher::extractAndQueueAccessUnits(
| (adtsHeader[4] << 3)
| (adtsHeader[5] >> 5);
+ if (aac_frame_length == 0) {
+ const uint8_t *id3Header = adtsHeader;
+ if (!memcmp(id3Header, "ID3", 3)) {
+ ID3 id3(id3Header, buffer->size() - offset, true);
+ if (id3.isValid()) {
+ offset += id3.rawSize();
+ continue;
+ };
+ }
+ return ERROR_MALFORMED;
+ }
+
CHECK_LE(offset + aac_frame_length, buffer->size());
sp<ABuffer> unit = new ABuffer(aac_frame_length);
generated by cgit v1.1 at 2024-05-13 01:59:30 +0000