summaryrefslogtreecommitdiffstats
path: root/media
diff options
context:
space:
mode:
authorWei Jia <wjia@google.com>2015-10-06 16:21:35 +0000
committerAndroid (Google) Code Review <android-gerrit@google.com>2015-10-06 16:21:35 +0000
commit9ab9c85e39f089f355faa9cd9db6d113dc482e61 (patch)
treeacc874f0654c62b26b9d38309e2ed68f94ab0dd3 /media
parent257b3bc581bbc65318a4cc2d3c22a07a4429dc1d (diff)
parente6d904fe5f6e7c7fc1d5fca2798dd3512468b118 (diff)
downloadframeworks_av-9ab9c85e39f089f355faa9cd9db6d113dc482e61.zip
frameworks_av-9ab9c85e39f089f355faa9cd9db6d113dc482e61.tar.gz
frameworks_av-9ab9c85e39f089f355faa9cd9db6d113dc482e61.tar.bz2
Merge "MPEG4Extractor: ensure buffer size is not less than 8 for LastCommentData." into klp-dev
Diffstat (limited to 'media')
-rw-r--r--media/libstagefright/MPEG4Extractor.cpp6
1 files changed, 6 insertions, 0 deletions
diff --git a/media/libstagefright/MPEG4Extractor.cpp b/media/libstagefright/MPEG4Extractor.cpp
index 92065d1..990aa54 100644
--- a/media/libstagefright/MPEG4Extractor.cpp
+++ b/media/libstagefright/MPEG4Extractor.cpp
@@ -2153,6 +2153,12 @@ status_t MPEG4Extractor::parseMetaData(off64_t offset, size_t size) {
mLastCommentName.setTo((const char *)buffer + 4);
break;
case FOURCC('d', 'a', 't', 'a'):
+ if (size < 8) {
+ delete[] buffer;
+ buffer = NULL;
+ ALOGE("b/24346430");
+ return ERROR_MALFORMED;
+ }
mLastCommentData.setTo((const char *)buffer + 8);
break;
}
generated by cgit v1.1 at 2024-05-17 11:09:15 +0000