Merge "Prevent integer underflow if size is below 6" into mnc-dev

author: Nick Kralevich <nnk@google.com> 2015-05-08 03:28:24 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> 2015-05-08 03:28:25 +0000
commit: f7cd8bfdb48c4237969bc16d25b6bec204073340 (patch)
tree: 00e74c0b9fcdec723b7f004bd7cfe7ab75d77973 /media
parent: 0d342b9a11557e228d6c94be92579d891ba830d8 (diff)
parent: 9458e715d391ee8fe455fc31f07ff35ce12e0531 (diff)
download: frameworks_av-f7cd8bfdb48c4237969bc16d25b6bec204073340.zip
frameworks_av-f7cd8bfdb48c4237969bc16d25b6bec204073340.tar.gz
frameworks_av-f7cd8bfdb48c4237969bc16d25b6bec204073340.tar.bz2
1 files changed, 4 insertions, 0 deletions
diff --git a/media/libstagefright/MPEG4Extractor.cpp b/media/libstagefright/MPEG4Extractor.cpp
index 7bcf181..b5eb2a4 100644
--- a/media/libstagefright/MPEG4Extractor.cpp
+++ b/media/libstagefright/MPEG4Extractor.cpp
@@ -2682,6 +2682,10 @@ status_t MPEG4Extractor::parse3GPPMetaData(off64_t offset, size_t size, int dept
         int len16 = 0; // Number of UTF-16 characters
 
         // smallest possible valid UTF-16 string w BOM: 0xfe 0xff 0x00 0x00
+        if (size < 6) {
+            return ERROR_MALFORMED;
+        }
+
         if (size - 6 >= 4) {
             len16 = ((size - 6) / 2) - 1; // don't include 0x0000 terminator
             framedata = (char16_t *)(buffer + 6);
author	Nick Kralevich <nnk@google.com>	2015-05-08 03:28:24 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	2015-05-08 03:28:25 +0000
commit	f7cd8bfdb48c4237969bc16d25b6bec204073340 (patch)
tree	00e74c0b9fcdec723b7f004bd7cfe7ab75d77973 /media
parent	0d342b9a11557e228d6c94be92579d891ba830d8 (diff)
parent	9458e715d391ee8fe455fc31f07ff35ce12e0531 (diff)
download	frameworks_av-f7cd8bfdb48c4237969bc16d25b6bec204073340.zip frameworks_av-f7cd8bfdb48c4237969bc16d25b6bec204073340.tar.gz frameworks_av-f7cd8bfdb48c4237969bc16d25b6bec204073340.tar.bz2