summaryrefslogtreecommitdiffstats
path: root/media
diff options
context:
space:
mode:
authorAndreas Huber <andih@google.com>2010-01-14 15:01:22 -0800
committerAndroid (Google) Code Review <android-gerrit@google.com>2010-01-14 15:01:22 -0800
commit2e26e7913c98827d5f0a54c9ca9b5e9ccba041d8 (patch)
tree9ae1b53b0d93cb2ddbf65c3eebea96e7caf0dba8 /media
parentb03fd8c97695d381e202f6a64989b51c7024c04a (diff)
parente8a084958c27327b0aca749f69095605d2a21309 (diff)
downloadframeworks_av-2e26e7913c98827d5f0a54c9ca9b5e9ccba041d8.zip
frameworks_av-2e26e7913c98827d5f0a54c9ca9b5e9ccba041d8.tar.gz
frameworks_av-2e26e7913c98827d5f0a54c9ca9b5e9ccba041d8.tar.bz2
Merge "Squashed commit of the following:"
Diffstat (limited to 'media')
-rw-r--r--media/libstagefright/MPEG4Extractor.cpp17
1 files changed, 15 insertions, 2 deletions
diff --git a/media/libstagefright/MPEG4Extractor.cpp b/media/libstagefright/MPEG4Extractor.cpp
index 9e7f1c7..07a5a82 100644
--- a/media/libstagefright/MPEG4Extractor.cpp
+++ b/media/libstagefright/MPEG4Extractor.cpp
@@ -984,7 +984,14 @@ status_t MPEG4Source::read(
(const uint8_t *)mBuffer->data() + mBuffer->range_offset();
size_t nal_size = parseNALSize(src);
- CHECK(mBuffer->range_length() >= mNALLengthSize + nal_size);
+ if (mBuffer->range_length() < mNALLengthSize + nal_size) {
+ LOGE("incomplete NAL unit.");
+
+ mBuffer->release();
+ mBuffer = NULL;
+
+ return ERROR_MALFORMED;
+ }
MediaBuffer *clone = mBuffer->clone();
clone->set_range(mBuffer->range_offset() + mNALLengthSize, nal_size);
@@ -1023,7 +1030,13 @@ status_t MPEG4Source::read(
CHECK(srcOffset + mNALLengthSize <= size);
size_t nalLength = parseNALSize(&mSrcBuffer[srcOffset]);
srcOffset += mNALLengthSize;
- CHECK(srcOffset + nalLength <= size);
+
+ if (srcOffset + nalLength > size) {
+ mBuffer->release();
+ mBuffer = NULL;
+
+ return ERROR_MALFORMED;
+ }
if (nalLength == 0) {
continue;
generated by cgit v1.1 at 2025-10-20 01:09:36 +0000