frameworks_av.git - frameworks/av

diff options

author	Joshua J. Drake <android-open-source@qoop.org>	2015-05-04 18:36:35 -0500
committer	Paul Kocialkowski <contact@paulk.fr>	2015-08-31 00:22:02 +0200
commit	c40f2dc30a7e33526460750e43325a947845b4fb (patch)
tree	0d0417868b7190c730313f88cbcc97cf06fdb29e /tools
parent	dfaac4ee7320db3ae4b0149f262bd9f9d5397e96 (diff)
download	frameworks_av-c40f2dc30a7e33526460750e43325a947845b4fb.zip frameworks_av-c40f2dc30a7e33526460750e43325a947845b4fb.tar.gz frameworks_av-c40f2dc30a7e33526460750e43325a947845b4fb.tar.bz2

Prevent integer overflow when processing covr MPEG4 atoms

If the 'chunk_data_size' value is SIZE_MAX, an integer overflow will occur and cause an undersized buffer to be allocated. The following processing then overfills the resulting memory and creates a potentially exploitable condition. Ensure that integer overflow does not occur. Bug: 20923261 Change-Id: I75cce323aec04a612e5a230ecd7c2077ce06035f Signed-off-by: Joshua J. Drake <android-open-source@qoop.org> Tested-by: Moritz Bandemer <replicant@posteo.mx>

Diffstat (limited to 'tools')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: