Don't crash for bitstream errors in AMPEG4ElementaryAssembler

Bug: 17110981 Change-Id: I0d0960fa12f2ad179231494be29af307de217b2a
author: Chong Zhang <chz@google.com> 2014-08-19 16:53:42 -0700
committer: Chong Zhang <chz@google.com> 2014-08-19 17:17:18 -0700
commit: dc9aa7e2cb903bb4ebfce558671a97088477bb6e (patch)
tree: 61ece28f149f1d7b31f81161e942eb3f5b0b68b7 /media/libstagefright/rtsp
parent: 2a1bcb8347ad4778a49bb340c3ed28ba27caa7d7 (diff)
download: frameworks_av-dc9aa7e2cb903bb4ebfce558671a97088477bb6e.zip
frameworks_av-dc9aa7e2cb903bb4ebfce558671a97088477bb6e.tar.gz
frameworks_av-dc9aa7e2cb903bb4ebfce558671a97088477bb6e.tar.bz2
1 files changed, 10 insertions, 5 deletions
diff --git a/media/libstagefright/rtsp/AMPEG4ElementaryAssembler.cpp b/media/libstagefright/rtsp/AMPEG4ElementaryAssembler.cpp
index 98b50dd..76f8f54 100644
--- a/media/libstagefright/rtsp/AMPEG4ElementaryAssembler.cpp
+++ b/media/libstagefright/rtsp/AMPEG4ElementaryAssembler.cpp
@@ -249,11 +249,15 @@ ARTPAssembler::AssemblyStatus AMPEG4ElementaryAssembler::addPacket(
         mPackets.push_back(buffer);
     } else {
         // hexdump(buffer->data(), buffer->size());
+        if (buffer->size() < 2) {
+            return MALFORMED_PACKET;
+        }
 
-        CHECK_GE(buffer->size(), 2u);
         unsigned AU_headers_length = U16_AT(buffer->data());  // in bits
 
-        CHECK_GE(buffer->size(), 2 + (AU_headers_length + 7) / 8);
+        if (buffer->size() < 2 + (AU_headers_length + 7) / 8) {
+            return MALFORMED_PACKET;
+        }
 
         List<AUHeader> headers;
 
@@ -342,7 +346,9 @@ ARTPAssembler::AssemblyStatus AMPEG4ElementaryAssembler::addPacket(
              it != headers.end(); ++it) {
             const AUHeader &header = *it;
 
-            CHECK_LE(offset + header.mSize, buffer->size());
+            if (buffer->size() < offset + header.mSize) {
+                return MALFORMED_PACKET;
+            }
 
             sp<ABuffer> accessUnit = new ABuffer(header.mSize);
             memcpy(accessUnit->data(), buffer->data() + offset, header.mSize);
@@ -352,8 +358,6 @@ ARTPAssembler::AssemblyStatus AMPEG4ElementaryAssembler::addPacket(
             CopyTimes(accessUnit, buffer);
             mPackets.push_back(accessUnit);
         }
-
-        CHECK_EQ(offset, buffer->size());
     }
 
     queue->erase(queue->begin());
@@ -400,6 +404,7 @@ ARTPAssembler::AssemblyStatus AMPEG4ElementaryAssembler::assembleMore(
         const sp<ARTPSource> &source) {
     AssemblyStatus status = addPacket(source);
     if (status == MALFORMED_PACKET) {
+        ALOGI("access unit is damaged");
         mAccessUnitDamaged = true;
     }
     return status;
author	Chong Zhang <chz@google.com>	2014-08-19 16:53:42 -0700
committer	Chong Zhang <chz@google.com>	2014-08-19 17:17:18 -0700
commit	dc9aa7e2cb903bb4ebfce558671a97088477bb6e (patch)
tree	61ece28f149f1d7b31f81161e942eb3f5b0b68b7 /media/libstagefright/rtsp
parent	2a1bcb8347ad4778a49bb340c3ed28ba27caa7d7 (diff)
download	frameworks_av-dc9aa7e2cb903bb4ebfce558671a97088477bb6e.zip frameworks_av-dc9aa7e2cb903bb4ebfce558671a97088477bb6e.tar.gz frameworks_av-dc9aa7e2cb903bb4ebfce558671a97088477bb6e.tar.bz2