diff options
| author | Nick Kralevich <nnk@google.com> | 2015-08-03 15:44:45 -0700 |
|---|---|---|
| committer | Nick Kralevich <nnk@google.com> | 2015-08-07 09:23:04 -0700 |
| commit | c570778430a22b5488cae72982cf9fb8033dbda3 (patch) | |
| tree | 4c849a3d50faeedaaf929ba26e95d3b6607a14d1 /media | |
| parent | 171b5fadb9d304f5e06686e4f3d060ef335d7250 (diff) | |
| download | frameworks_av-c570778430a22b5488cae72982cf9fb8033dbda3.zip frameworks_av-c570778430a22b5488cae72982cf9fb8033dbda3.tar.gz frameworks_av-c570778430a22b5488cae72982cf9fb8033dbda3.tar.bz2 | |
MPEG4Extractor.cpp: Add check for size == SIZE_MAX
If size == SIZE_MAX, the line:
uint8_t *buffer = new (std::nothrow) uint8_t[size + 1];
ends up allocating zero bytes, which is obviously incorrect.
(cherry picked from commit b2d33aee5122c91a59c2a676c0b89ad340232450)
Bug: 23031033
Change-Id: I8027247a4e24d2c8a8b4eac88c3643eccda108b9
Diffstat (limited to 'media')
| -rw-r--r-- | media/libstagefright/MPEG4Extractor.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/media/libstagefright/MPEG4Extractor.cpp b/media/libstagefright/MPEG4Extractor.cpp index d1b39dc..411946c 100644 --- a/media/libstagefright/MPEG4Extractor.cpp +++ b/media/libstagefright/MPEG4Extractor.cpp @@ -2217,7 +2217,7 @@ status_t MPEG4Extractor::parseTrackHeader( } status_t MPEG4Extractor::parseITunesMetaData(off64_t offset, size_t size) { - if (size < 4) { + if (size < 4 || size == SIZE_MAX) { return ERROR_MALFORMED; } |