diff options
| author | Joshua J. Drake <android-open-source@qoop.org> | 2015-04-08 23:13:02 -0500 |
|---|---|---|
| committer | Nick Kralevich <nnk@google.com> | 2015-04-09 17:34:16 -0700 |
| commit | e3e82d54c51a3130badcd9e433fe808d965f15c2 (patch) | |
| tree | 31874210a09b6de78a278ccc1eafd5702cfa7fb0 /media | |
| parent | 274f64c7d6367f13c7852256b10339a3b75529f2 (diff) | |
| download | frameworks_av-e3e82d54c51a3130badcd9e433fe808d965f15c2.zip frameworks_av-e3e82d54c51a3130badcd9e433fe808d965f15c2.tar.gz frameworks_av-e3e82d54c51a3130badcd9e433fe808d965f15c2.tar.bz2 | |
Fix multiple division-by-zero conditions in MPEG4 parsing
Several situations arise processing MP4 atoms that lead to undefined behavior
when dividing by zero. Typically this results in a crash (denial of service
condition).
NOTE: In most cases we simply avoid the division, leaving kKeyDuration unset.
It may be more desirable to bail out, as we do in the parseSegmentIndex case.
Bug: 20139950
Change-Id: I62e1b977f0e5ed0094094a55d300bac76b476c7b
Diffstat (limited to 'media')
| -rw-r--r-- | media/libstagefright/MPEG4Extractor.cpp | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/media/libstagefright/MPEG4Extractor.cpp b/media/libstagefright/MPEG4Extractor.cpp index 6019a85..87d14b7 100644 --- a/media/libstagefright/MPEG4Extractor.cpp +++ b/media/libstagefright/MPEG4Extractor.cpp @@ -1203,7 +1203,7 @@ status_t MPEG4Extractor::parseChunk(off64_t *offset, int depth) { duration = ntohl(duration32); } } - if (duration != 0) { + if (duration != 0 && mLastTrack->timescale != 0) { mLastTrack->meta->setInt64( kKeyDuration, (duration * 1000000) / mLastTrack->timescale); } @@ -1817,7 +1817,7 @@ status_t MPEG4Extractor::parseChunk(off64_t *offset, int depth) { } duration = d32; } - if (duration != 0) { + if (duration != 0 && mHeaderTimescale != 0) { mFileMetaData->setInt64(kKeyDuration, duration * 1000000 / mHeaderTimescale); } @@ -1866,7 +1866,7 @@ status_t MPEG4Extractor::parseChunk(off64_t *offset, int depth) { return ERROR_MALFORMED; } - if (duration != 0) { + if (duration != 0 && mHeaderTimescale != 0) { mFileMetaData->setInt64(kKeyDuration, duration * 1000000 / mHeaderTimescale); } @@ -2080,6 +2080,8 @@ status_t MPEG4Extractor::parseSegmentIndex(off64_t offset, size_t size) { return ERROR_MALFORMED; } ALOGV("sidx refid/timescale: %d/%d", referenceId, timeScale); + if (timeScale == 0) + return ERROR_MALFORMED; uint64_t earliestPresentationTime; uint64_t firstOffset; |