diff options
| author | Steve Kondik <shade@chemlab.org> | 2016-02-29 17:32:19 -0800 |
|---|---|---|
| committer | Keith Mok <kmok@cyngn.com> | 2016-03-01 09:11:15 -0800 |
| commit | 808632f7bf0a897fb55cc38170ad6c1b2fd86ba2 (patch) | |
| tree | f40a0fdab15259e17b769aa59788ec5fdccec0ce /media | |
| parent | c5fa90a809c9e7a98e32373a4dea6b3e46a0e92c (diff) | |
| download | frameworks_av-808632f7bf0a897fb55cc38170ad6c1b2fd86ba2.zip frameworks_av-808632f7bf0a897fb55cc38170ad6c1b2fd86ba2.tar.gz frameworks_av-808632f7bf0a897fb55cc38170ad6c1b2fd86ba2.tar.bz2 | |
stagefright: Don't crash on invalid / null AVCC atoms in MKV
* Seen in the wild. If a file contains an invalid track, skip it.
* Also correct AVCC atom size check in Matroska extractor.
REF: CYNGNOS-2168
Change-Id: I589aadbd689c9a00e1dca613e61fcec5b06ed69a
Diffstat (limited to 'media')
| -rwxr-xr-x | media/libstagefright/MPEG4Extractor.cpp | 12 | ||||
| -rw-r--r-- | media/libstagefright/matroska/MatroskaExtractor.cpp | 13 |
2 files changed, 14 insertions, 11 deletions
diff --git a/media/libstagefright/MPEG4Extractor.cpp b/media/libstagefright/MPEG4Extractor.cpp index c928495..3baf6b6 100755 --- a/media/libstagefright/MPEG4Extractor.cpp +++ b/media/libstagefright/MPEG4Extractor.cpp @@ -3325,11 +3325,13 @@ MPEG4Source::MPEG4Source( const uint8_t *ptr = (const uint8_t *)data; - CHECK(size >= 7); - CHECK_EQ((unsigned)ptr[0], 1u); // configurationVersion == 1 - - // The number of bytes used to encode the length of a NAL unit. - mNALLengthSize = 1 + (ptr[4] & 3); + if (size < 7 || ptr[0] != 1) { + ALOGE("Invalid AVCC atom, size %zu, configurationVersion: %d", + size, ptr[0]); + } else { + // The number of bytes used to encode the length of a NAL unit. + mNALLengthSize = 1 + (ptr[4] & 3); + } } else if (mIsHEVC) { uint32_t type; const void *data; diff --git a/media/libstagefright/matroska/MatroskaExtractor.cpp b/media/libstagefright/matroska/MatroskaExtractor.cpp index c1fa240..b2463e7 100644 --- a/media/libstagefright/matroska/MatroskaExtractor.cpp +++ b/media/libstagefright/matroska/MatroskaExtractor.cpp @@ -224,18 +224,19 @@ MatroskaSource::MatroskaSource( mIsAudio = !strncasecmp("audio/", mime, 6); if (!strcasecmp(mime, MEDIA_MIMETYPE_VIDEO_AVC)) { - mType = AVC; - uint32_t dummy; const uint8_t *avcc; size_t avccSize; CHECK(meta->findData( kKeyAVCC, &dummy, (const void **)&avcc, &avccSize)); - CHECK_GE(avccSize, 5u); - - mNALSizeLen = 1 + (avcc[4] & 3); - ALOGV("mNALSizeLen = %zu", mNALSizeLen); + if (avccSize < 7) { + ALOGW("Invalid AVCC atom in track, size %zu", avccSize); + } else { + mNALSizeLen = 1 + (avcc[4] & 3); + ALOGV("mNALSizeLen = %zu", mNALSizeLen); + mType = AVC; + } } else if (!strcasecmp(mime, MEDIA_MIMETYPE_VIDEO_HEVC)) { mType = HEVC; |