Merge "Fix integer overflow when handling MPEG4 tx3g atom" into mnc-dev

author: Nick Kralevich <nnk@google.com> 2015-05-08 03:30:17 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> 2015-05-08 03:30:17 +0000
commit: f9d108cec6710dd35baaa8573eb6d38161240b98 (patch)
tree: bf826318ce652ff41b87b86abae1d497c7190b3d /media
parent: f7cd8bfdb48c4237969bc16d25b6bec204073340 (diff)
parent: dc69f4856187904bfb0d12a72cdf5a563a0deff2 (diff)
download: frameworks_av-f9d108cec6710dd35baaa8573eb6d38161240b98.zip
frameworks_av-f9d108cec6710dd35baaa8573eb6d38161240b98.tar.gz
frameworks_av-f9d108cec6710dd35baaa8573eb6d38161240b98.tar.bz2
1 files changed, 4 insertions, 0 deletions
diff --git a/media/libstagefright/MPEG4Extractor.cpp b/media/libstagefright/MPEG4Extractor.cpp
index b5eb2a4..9bb0179 100644
--- a/media/libstagefright/MPEG4Extractor.cpp
+++ b/media/libstagefright/MPEG4Extractor.cpp
@@ -1981,6 +1981,10 @@ status_t MPEG4Extractor::parseChunk(off64_t *offset, int depth) {
                 size = 0;
             }
 
+            if (SIZE_MAX - chunk_size <= size) {
+                return ERROR_MALFORMED;
+            }
+
             uint8_t *buffer = new (std::nothrow) uint8_t[size + chunk_size];
             if (buffer == NULL) {
                 return ERROR_MALFORMED;
author	Nick Kralevich <nnk@google.com>	2015-05-08 03:30:17 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	2015-05-08 03:30:17 +0000
commit	f9d108cec6710dd35baaa8573eb6d38161240b98 (patch)
tree	bf826318ce652ff41b87b86abae1d497c7190b3d /media
parent	f7cd8bfdb48c4237969bc16d25b6bec204073340 (diff)
parent	dc69f4856187904bfb0d12a72cdf5a563a0deff2 (diff)
download	frameworks_av-f9d108cec6710dd35baaa8573eb6d38161240b98.zip frameworks_av-f9d108cec6710dd35baaa8573eb6d38161240b98.tar.gz frameworks_av-f9d108cec6710dd35baaa8573eb6d38161240b98.tar.bz2