authorMarco Nelissen <marcone@google.com>2015-07-24 09:18:36 -0700
committerMarco Nelissen <marcone@google.com>2015-07-27 11:17:01 -0700
commit529c595b083f8a4c3175e2350fba5547e6008e00 (patch)
tree0f05d16ddb279e3faef71081a06a493ebbb5e5ad /media
parent6134ad6fdeab91e54a1abc8f00eafc956e42fb3d (diff)
Check vector size before accessing
Bug: 22388975 Change-Id: I3c157b1029d37f6a22e6302ea7b52077fe27ce53
Diffstat (limited to 'media')
-rwxr-xr-xmedia/libstagefright/MPEG4Extractor.cpp9
1 files changed, 9 insertions, 0 deletions
diff --git a/media/libstagefright/MPEG4Extractor.cpp b/media/libstagefright/MPEG4Extractor.cpp
index 26b07d4..0b07717 100755
--- a/media/libstagefright/MPEG4Extractor.cpp
+++ b/media/libstagefright/MPEG4Extractor.cpp
@@ -3587,8 +3587,17 @@ status_t MPEG4Source::parseSampleAuxiliaryInformationOffsets(
int ivlength;
CHECK(mFormat->findInt32(kKeyCryptoDefaultIVSize, &ivlength));
+ // only 0, 8 and 16 byte initialization vectors are supported
+ if (ivlength != 0 && ivlength != 8 && ivlength != 16) {
+ ALOGW("unsupported IV length: %d", ivlength);
+ return ERROR_MALFORMED;
+ }
// read CencSampleAuxiliaryDataFormats
for (size_t i = 0; i < mCurrentSampleInfoCount; i++) {
+ if (i >= mCurrentSamples.size()) {
+ ALOGW("too few samples");
+ break;
+ }
Sample *smpl = &mCurrentSamples.editItemAt(i);
memset(smpl->iv, 0, 16);
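Review bot: The added `i >= mCurrentSamples.size()` guard only logs and `break`s, so a file that declares more sample-info entries than there are samples is still accepted, whereas the IV-length check a few lines above rejects malformed input outright. The rest of the function lies outside this hunk, so whether it then returns success with `mCurrentSampleInfoCount` still larger than the number of populated samples cannot be confirmed here; if it does, any later reader that trusts that count is exposed to the same out-of-range access. I would fail closed and hoist the test out of the loop, e.g. `if (mCurrentSampleInfoCount > mCurrentSamples.size()) { ALOGW("too few samples"); return ERROR_MALFORMED; }` before the `for`. If truncation is intentional, say so in a comment and clamp `mCurrentSampleInfoCount` to the vector size. The `16` in `memset(smpl->iv, 0, 16)` would also be safer as `sizeof(smpl->iv)` if `iv` is a fixed array, so it stays tied to the maximum the new IV check allows.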