summaryrefslogtreecommitdiffstats
path: root/media
diff options
context:
space:
mode:
authorWei Jia <wjia@google.com>2015-06-30 22:03:18 +0000
committerAndroid Git Automerger <android-git-automerger@android.com>2015-06-30 22:03:18 +0000
commitca12af3ff5b7b9c37150209f6369ec511e010ffa (patch)
treedb30e092fc70a771b08fdf1e7dbfebf37150836e /media
parentac85eb2ce87fd3a58931c119bd2209285b9a8c98 (diff)
parent2d80c0a13c40f29d2a4b4aca8765705cbb4b2fe8 (diff)
downloadframeworks_av-ca12af3ff5b7b9c37150209f6369ec511e010ffa.zip
frameworks_av-ca12af3ff5b7b9c37150209f6369ec511e010ffa.tar.gz
frameworks_av-ca12af3ff5b7b9c37150209f6369ec511e010ffa.tar.bz2
am 2d80c0a1: am a549658b: am 7397892d: am 402eaab9: am 370290f4: am bcd5edf9: am 13c925ca: am 6ff53b96: Merge "Prevent integer overflow when processing covr MPEG4 atoms" into klp-dev
* commit '2d80c0a13c40f29d2a4b4aca8765705cbb4b2fe8': Prevent integer overflow when processing covr MPEG4 atoms
Diffstat (limited to 'media')
-rw-r--r--media/libstagefright/MPEG4Extractor.cpp4
1 files changed, 4 insertions, 0 deletions
diff --git a/media/libstagefright/MPEG4Extractor.cpp b/media/libstagefright/MPEG4Extractor.cpp
index 3f8d7d5..71d19c0 100644
--- a/media/libstagefright/MPEG4Extractor.cpp
+++ b/media/libstagefright/MPEG4Extractor.cpp
@@ -1936,6 +1936,10 @@ status_t MPEG4Extractor::parseChunk(off64_t *offset, int depth) {
if (mFileMetaData != NULL) {
ALOGV("chunk_data_size = %lld and data_offset = %lld",
chunk_data_size, data_offset);
+
+ if (chunk_data_size >= SIZE_MAX - 1) {
+ return ERROR_MALFORMED;
+ }
sp<ABuffer> buffer = new ABuffer(chunk_data_size + 1);
if (mDataSource->readAt(
data_offset, buffer->data(), chunk_data_size) != (ssize_t)chunk_data_size) {
generated by cgit v1.1 at 2024-05-29 11:49:27 +0000