summaryrefslogtreecommitdiffstats
path: root/media/libstagefright
diff options
context:
space:
mode:
authorMarco Nelissen <marcone@google.com>2016-11-11 09:20:00 -0800
committermh0rst <mhorst@tzi.de>2017-01-13 11:50:22 +0100
commitf5abeb809738e8b1f094d0601e882eab786d18de (patch)
tree2e6c1dc93ade4adfc5f1d15b02498efe455c1737 /media/libstagefright
parent8dea6a22058328109dc1fcb7450ca5553f35b4df (diff)
downloadframeworks_av-f5abeb809738e8b1f094d0601e882eab786d18de.zip
frameworks_av-f5abeb809738e8b1f094d0601e882eab786d18de.tar.gz
frameworks_av-f5abeb809738e8b1f094d0601e882eab786d18de.tar.bz2
Make VBRISeeker more robust
Bug: 32577290 Change-Id: I9bcc9422ae7dd3ae4a38df330c9dcd7ac4941ec8 (cherry picked from commit 7fdd36418e945cf6a500018632dfb0ed8cb1a343) (cherry picked from commit 453b351ac5bd2b6619925dc966da60adf6b3126c)
Diffstat (limited to 'media/libstagefright')
-rw-r--r--media/libstagefright/VBRISeeker.cpp18
1 files changed, 16 insertions, 2 deletions
diff --git a/media/libstagefright/VBRISeeker.cpp b/media/libstagefright/VBRISeeker.cpp
index 8a0fcac..5067ddc 100644
--- a/media/libstagefright/VBRISeeker.cpp
+++ b/media/libstagefright/VBRISeeker.cpp
@@ -83,8 +83,23 @@ sp<VBRISeeker> VBRISeeker::CreateFromSource(
scale,
entrySize);
+ if (entrySize > 4) {
+ ALOGE("invalid VBRI entry size: %zu", entrySize);
+ return NULL;
+ }
+
+ sp<VBRISeeker> seeker = new (std::nothrow) VBRISeeker;
+ if (seeker == NULL) {
+ ALOGW("Couldn't allocate VBRISeeker");
+ return NULL;
+ }
+
size_t totalEntrySize = numEntries * entrySize;
- uint8_t *buffer = new uint8_t[totalEntrySize];
+ uint8_t *buffer = new (std::nothrow) uint8_t[totalEntrySize];
+ if (!buffer) {
+ ALOGW("Couldn't allocate %zu bytes", totalEntrySize);
+ return NULL;
+ }
n = source->readAt(pos + sizeof(vbriHeader), buffer, totalEntrySize);
if (n < (ssize_t)totalEntrySize) {
@@ -94,7 +109,6 @@ sp<VBRISeeker> VBRISeeker::CreateFromSource(
return NULL;
}
- sp<VBRISeeker> seeker = new VBRISeeker;
seeker->mBasePos = post_id3_pos + frameSize;
// only update mDurationUs if the calculated duration is valid (non zero)
// otherwise, leave duration at -1 so that getDuration() and getOffsetForTime()