diff options
| author | Abhishek Arya <aarya@google.com> | 2015-08-18 16:47:03 +0000 |
|---|---|---|
| committer | Android Git Automerger <android-git-automerger@android.com> | 2015-08-18 16:47:03 +0000 |
| commit | 3459ea265ab8c61cca1b2ed97162fe3c3d05a698 (patch) | |
| tree | e3a2955f9811e59b1be09602f91f75bcd1d8f75c /media | |
| parent | 48bdf782f92a975f3597c40d175fa579adfd74d4 (diff) | |
| parent | de47cd3c5223bb0fdd7376f8ea21ba2f857bafbe (diff) | |
| download | frameworks_av-3459ea265ab8c61cca1b2ed97162fe3c3d05a698.zip frameworks_av-3459ea265ab8c61cca1b2ed97162fe3c3d05a698.tar.gz frameworks_av-3459ea265ab8c61cca1b2ed97162fe3c3d05a698.tar.bz2 | |
am de47cd3c: am 3b77e940: am d146d466: am 6f561b93: Merge "MatroskaExtractor: detect infinite loop when parsing NALs" into klp-dev
* commit 'de47cd3c5223bb0fdd7376f8ea21ba2f857bafbe':
MatroskaExtractor: detect infinite loop when parsing NALs
Diffstat (limited to 'media')
| -rw-r--r-- | media/libstagefright/matroska/MatroskaExtractor.cpp | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/media/libstagefright/matroska/MatroskaExtractor.cpp b/media/libstagefright/matroska/MatroskaExtractor.cpp index 9da835d..e53319b 100644 --- a/media/libstagefright/matroska/MatroskaExtractor.cpp +++ b/media/libstagefright/matroska/MatroskaExtractor.cpp @@ -21,6 +21,7 @@ #include "MatroskaExtractor.h" #include <media/stagefright/foundation/ADebug.h> +#include <media/stagefright/foundation/AUtils.h> #include <media/stagefright/foundation/hexdump.h> #include <media/stagefright/DataSource.h> #include <media/stagefright/MediaBuffer.h> @@ -631,7 +632,12 @@ status_t MatroskaSource::read( TRESPASS(); } - if (srcOffset + mNALSizeLen + NALsize > srcSize) { + if (srcOffset + mNALSizeLen + NALsize <= srcOffset + mNALSizeLen) { + frame->release(); + frame = NULL; + + return ERROR_MALFORMED; + } else if (srcOffset + mNALSizeLen + NALsize > srcSize) { break; } |