diff options
author | Marco Nelissen <marcone@google.com> | 2016-11-11 09:20:00 -0800 |
---|---|---|
committer | mh0rst <mhorst@tzi.de> | 2017-01-13 11:50:22 +0100 |
commit | f5abeb809738e8b1f094d0601e882eab786d18de (patch) | |
tree | 2e6c1dc93ade4adfc5f1d15b02498efe455c1737 /media/libstagefright | |
parent | 8dea6a22058328109dc1fcb7450ca5553f35b4df (diff) | |
download | frameworks_av-f5abeb809738e8b1f094d0601e882eab786d18de.zip frameworks_av-f5abeb809738e8b1f094d0601e882eab786d18de.tar.gz frameworks_av-f5abeb809738e8b1f094d0601e882eab786d18de.tar.bz2 |
Make VBRISeeker more robust
Bug: 32577290
Change-Id: I9bcc9422ae7dd3ae4a38df330c9dcd7ac4941ec8
(cherry picked from commit 7fdd36418e945cf6a500018632dfb0ed8cb1a343)
(cherry picked from commit 453b351ac5bd2b6619925dc966da60adf6b3126c)
Diffstat (limited to 'media/libstagefright')
-rw-r--r-- | media/libstagefright/VBRISeeker.cpp | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/media/libstagefright/VBRISeeker.cpp b/media/libstagefright/VBRISeeker.cpp index 8a0fcac..5067ddc 100644 --- a/media/libstagefright/VBRISeeker.cpp +++ b/media/libstagefright/VBRISeeker.cpp @@ -83,8 +83,23 @@ sp<VBRISeeker> VBRISeeker::CreateFromSource( scale, entrySize); + if (entrySize > 4) { + ALOGE("invalid VBRI entry size: %zu", entrySize); + return NULL; + } + + sp<VBRISeeker> seeker = new (std::nothrow) VBRISeeker; + if (seeker == NULL) { + ALOGW("Couldn't allocate VBRISeeker"); + return NULL; + } + size_t totalEntrySize = numEntries * entrySize; - uint8_t *buffer = new uint8_t[totalEntrySize]; + uint8_t *buffer = new (std::nothrow) uint8_t[totalEntrySize]; + if (!buffer) { + ALOGW("Couldn't allocate %zu bytes", totalEntrySize); + return NULL; + } n = source->readAt(pos + sizeof(vbriHeader), buffer, totalEntrySize); if (n < (ssize_t)totalEntrySize) { @@ -94,7 +109,6 @@ sp<VBRISeeker> VBRISeeker::CreateFromSource( return NULL; } - sp<VBRISeeker> seeker = new VBRISeeker; seeker->mBasePos = post_id3_pos + frameSize; // only update mDurationUs if the calculated duration is valid (non zero) // otherwise, leave duration at -1 so that getDuration() and getOffsetForTime() |