summaryrefslogtreecommitdiffstats
path: root/media/libstagefright
diff options
context:
space:
mode:
authorNick Kralevich <nnk@google.com>2015-04-10 23:16:02 +0000
committerAndroid (Google) Code Review <android-gerrit@google.com>2015-04-10 23:16:03 +0000
commit6429079345404932c5be5956efc7154390d2ed0e (patch)
tree1de9424be4ec0eb26b27a6816a27aaafc254a77f /media/libstagefright
parent17b625b7f51b75fde6640c737474b8b2c51412bf (diff)
parent0e4e5a8c09c63548f2a00c77ab5038b7703384bc (diff)
downloadframeworks_av-6429079345404932c5be5956efc7154390d2ed0e.zip
frameworks_av-6429079345404932c5be5956efc7154390d2ed0e.tar.gz
frameworks_av-6429079345404932c5be5956efc7154390d2ed0e.tar.bz2
Merge "Fix integer underflow in ESDS processing" into klp-dev
Diffstat (limited to 'media/libstagefright')
-rw-r--r--media/libstagefright/ESDS.cpp6
1 files changed, 6 insertions, 0 deletions
diff --git a/media/libstagefright/ESDS.cpp b/media/libstagefright/ESDS.cpp
index 4a0c35c..c76bc4a 100644
--- a/media/libstagefright/ESDS.cpp
+++ b/media/libstagefright/ESDS.cpp
@@ -136,6 +136,8 @@ status_t ESDS::parseESDescriptor(size_t offset, size_t size) {
--size;
if (streamDependenceFlag) {
+ if (size < 2)
+ return ERROR_MALFORMED;
offset += 2;
size -= 2;
}
@@ -145,11 +147,15 @@ status_t ESDS::parseESDescriptor(size_t offset, size_t size) {
return ERROR_MALFORMED;
}
unsigned URLlength = mData[offset];
+ if (URLlength >= size)
+ return ERROR_MALFORMED;
offset += URLlength + 1;
size -= URLlength + 1;
}
if (OCRstreamFlag) {
+ if (size < 2)
+ return ERROR_MALFORMED;
offset += 2;
size -= 2;