diff options
author | Wei Jia <wjia@google.com> | 2015-06-30 22:03:18 +0000 |
---|---|---|
committer | Android Git Automerger <android-git-automerger@android.com> | 2015-06-30 22:03:18 +0000 |
commit | ca12af3ff5b7b9c37150209f6369ec511e010ffa (patch) | |
tree | db30e092fc70a771b08fdf1e7dbfebf37150836e /media | |
parent | ac85eb2ce87fd3a58931c119bd2209285b9a8c98 (diff) | |
parent | 2d80c0a13c40f29d2a4b4aca8765705cbb4b2fe8 (diff) | |
download | frameworks_av-ca12af3ff5b7b9c37150209f6369ec511e010ffa.zip frameworks_av-ca12af3ff5b7b9c37150209f6369ec511e010ffa.tar.gz frameworks_av-ca12af3ff5b7b9c37150209f6369ec511e010ffa.tar.bz2 |
am 2d80c0a1: am a549658b: am 7397892d: am 402eaab9: am 370290f4: am bcd5edf9: am 13c925ca: am 6ff53b96: Merge "Prevent integer overflow when processing covr MPEG4 atoms" into klp-dev
* commit '2d80c0a13c40f29d2a4b4aca8765705cbb4b2fe8':
Prevent integer overflow when processing covr MPEG4 atoms
Diffstat (limited to 'media')
-rw-r--r-- | media/libstagefright/MPEG4Extractor.cpp | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/media/libstagefright/MPEG4Extractor.cpp b/media/libstagefright/MPEG4Extractor.cpp index 3f8d7d5..71d19c0 100644 --- a/media/libstagefright/MPEG4Extractor.cpp +++ b/media/libstagefright/MPEG4Extractor.cpp @@ -1936,6 +1936,10 @@ status_t MPEG4Extractor::parseChunk(off64_t *offset, int depth) { if (mFileMetaData != NULL) { ALOGV("chunk_data_size = %lld and data_offset = %lld", chunk_data_size, data_offset); + + if (chunk_data_size >= SIZE_MAX - 1) { + return ERROR_MALFORMED; + } sp<ABuffer> buffer = new ABuffer(chunk_data_size + 1); if (mDataSource->readAt( data_offset, buffer->data(), chunk_data_size) != (ssize_t)chunk_data_size) { |