Merge "Don't crash for bitstream errors in AMPEG4ElementaryAssembler" into lmp-dev

author: Chong Zhang <chz@google.com> 2014-08-20 00:41:05 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> 2014-08-16 04:25:55 +0000
commit: a8143b2bbaabc3f704b05078ccc930dbc28591b9 (patch)
tree: 9ef955326cd74485e9143081d21eadd44bcf95f1 /media/libstagefright
parent: 5596d7c4ad388d1757398181b3a1453d731a1b41 (diff)
parent: dc9aa7e2cb903bb4ebfce558671a97088477bb6e (diff)
download: frameworks_av-a8143b2bbaabc3f704b05078ccc930dbc28591b9.zip
frameworks_av-a8143b2bbaabc3f704b05078ccc930dbc28591b9.tar.gz
frameworks_av-a8143b2bbaabc3f704b05078ccc930dbc28591b9.tar.bz2
1 files changed, 10 insertions, 5 deletions
diff --git a/media/libstagefright/rtsp/AMPEG4ElementaryAssembler.cpp b/media/libstagefright/rtsp/AMPEG4ElementaryAssembler.cpp
index 98b50dd..76f8f54 100644
--- a/media/libstagefright/rtsp/AMPEG4ElementaryAssembler.cpp
+++ b/media/libstagefright/rtsp/AMPEG4ElementaryAssembler.cpp
@@ -249,11 +249,15 @@ ARTPAssembler::AssemblyStatus AMPEG4ElementaryAssembler::addPacket(
         mPackets.push_back(buffer);
     } else {
         // hexdump(buffer->data(), buffer->size());
+        if (buffer->size() < 2) {
+            return MALFORMED_PACKET;
+        }
 
-        CHECK_GE(buffer->size(), 2u);
         unsigned AU_headers_length = U16_AT(buffer->data());  // in bits
 
-        CHECK_GE(buffer->size(), 2 + (AU_headers_length + 7) / 8);
+        if (buffer->size() < 2 + (AU_headers_length + 7) / 8) {
+            return MALFORMED_PACKET;
+        }
 
         List<AUHeader> headers;
 
@@ -342,7 +346,9 @@ ARTPAssembler::AssemblyStatus AMPEG4ElementaryAssembler::addPacket(
              it != headers.end(); ++it) {
             const AUHeader &header = *it;
 
-            CHECK_LE(offset + header.mSize, buffer->size());
+            if (buffer->size() < offset + header.mSize) {
+                return MALFORMED_PACKET;
+            }
 
             sp<ABuffer> accessUnit = new ABuffer(header.mSize);
             memcpy(accessUnit->data(), buffer->data() + offset, header.mSize);
@@ -352,8 +358,6 @@ ARTPAssembler::AssemblyStatus AMPEG4ElementaryAssembler::addPacket(
             CopyTimes(accessUnit, buffer);
             mPackets.push_back(accessUnit);
         }
-
-        CHECK_EQ(offset, buffer->size());
     }
 
     queue->erase(queue->begin());
@@ -400,6 +404,7 @@ ARTPAssembler::AssemblyStatus AMPEG4ElementaryAssembler::assembleMore(
         const sp<ARTPSource> &source) {
     AssemblyStatus status = addPacket(source);
     if (status == MALFORMED_PACKET) {
+        ALOGI("access unit is damaged");
         mAccessUnitDamaged = true;
     }
     return status;
author	Chong Zhang <chz@google.com>	2014-08-20 00:41:05 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	2014-08-16 04:25:55 +0000
commit	a8143b2bbaabc3f704b05078ccc930dbc28591b9 (patch)
tree	9ef955326cd74485e9143081d21eadd44bcf95f1 /media/libstagefright
parent	5596d7c4ad388d1757398181b3a1453d731a1b41 (diff)
parent	dc9aa7e2cb903bb4ebfce558671a97088477bb6e (diff)
download	frameworks_av-a8143b2bbaabc3f704b05078ccc930dbc28591b9.zip frameworks_av-a8143b2bbaabc3f704b05078ccc930dbc28591b9.tar.gz frameworks_av-a8143b2bbaabc3f704b05078ccc930dbc28591b9.tar.bz2