summaryrefslogtreecommitdiffstats
path: root/media/libstagefright/MPEG4Extractor.cpp
Commit message (Collapse)AuthorAgeFilesLines
...
| | | | | | * | | Check vector size before accessingMarco Nelissen2015-08-151-0/+9
| | | | | | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bug: 22388975 Change-Id: I3c157b1029d37f6a22e6302ea7b52077fe27ce53 (cherry picked from commit 529c595b083f8a4c3175e2350fba5547e6008e00)
| * | | | | | | am 4f0ff02b: am 46f7acbb: am 3175ff3f: am 90eee339: am 652926c8: am ↵Wei Jia2015-08-201-1/+1
| |\ \ \ \ \ \ \ | | |/ / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 74d3170f: Merge "Fix comparison sign warnings." into klp-dev * commit '4f0ff02b159892bfa5d3d298efc165e96f93288b': Fix comparison sign warnings.
| | * | | | | | am 3175ff3f: am 90eee339: am 652926c8: am 74d3170f: Merge "Fix comparison ↵Wei Jia2015-08-181-1/+1
| | |\ \ \ \ \ \ | | | |/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | sign warnings." into klp-dev * commit '3175ff3f343ecd85700e2029d7709ce960272967': Fix comparison sign warnings.
| | | * | | | | am 652926c8: am 74d3170f: Merge "Fix comparison sign warnings." into klp-devWei Jia2015-08-181-1/+1
| | | |\ \ \ \ \ | | | | |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | * commit '652926c8a37fb904aaa0756a0d0bae0574f308c5': Fix comparison sign warnings.
| | | | * | | | am 74d3170f: Merge "Fix comparison sign warnings." into klp-devWei Jia2015-08-181-1/+1
| | | | |\ \ \ \ | | | | | |/ / / | | | | | | | | | | | | | | | | | | | | | | | | * commit '74d3170ffc02620fcedb5a98c7a66e83ee2faa87': Fix comparison sign warnings.
| | | | | * | | Fix comparison sign warnings.Dan Albert2015-08-151-1/+1
| | | | | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bug:23213430 Change-Id: I6f2e2b03b968a569b122004b4803c5d17fccfb12 (cherry picked from commit 635bc8f90429b2fdcaf7f8d43f7f59bcd0fe951c)
| | | | * | | resolved conflicts for merge of c86eae32 to klp-modular-devNick Kralevich2015-08-101-1/+1
| | | | |\ \ \ | | | | | |/ / | | | | | | | | | | | | | | Change-Id: I127912aed9c9e57a985c46bee13d111e159d2c6f
| | | | | * | am 9d9491f9: am 0dbd0d7b: am c9924410: am 2fe61ed0: am 3b8d3fa0: am ↵Nick Kralevich2015-08-111-1/+1
| | | | | |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 186d1fb9: am f4dfe12e: am 54d88fe2: am aa8dab77: Merge "MPEG4Extractor.cpp: Add check for size == SIZE_MAX" into jb-dev * commit '9d9491f9fb83523cfe68f2aa26c14f72f70812fc': MPEG4Extractor.cpp: Add check for size == SIZE_MAX
| | | | | | * \ am c9924410: am 2fe61ed0: am 3b8d3fa0: am 186d1fb9: am f4dfe12e: am ↵Nick Kralevich2015-08-111-1/+1
| | | | | | |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 54d88fe2: am aa8dab77: Merge "MPEG4Extractor.cpp: Add check for size == SIZE_MAX" into jb-dev * commit 'c99244105803ac32f4cc698b5b2a85b225d925a2': MPEG4Extractor.cpp: Add check for size == SIZE_MAX
| | | | | | | * \ am 2fe61ed0: am 3b8d3fa0: am 186d1fb9: am f4dfe12e: am 54d88fe2: am ↵Nick Kralevich2015-08-111-1/+1
| | | | | | | |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | aa8dab77: Merge "MPEG4Extractor.cpp: Add check for size == SIZE_MAX" into jb-dev * commit '2fe61ed032e083dc39265f3b88274fcb8fbeed9b': MPEG4Extractor.cpp: Add check for size == SIZE_MAX
| | | | | | | | * \ am 54d88fe2: am aa8dab77: Merge "MPEG4Extractor.cpp: Add check for size == ↵Nick Kralevich2015-08-111-1/+1
| | | | | | | | |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | SIZE_MAX" into jb-dev * commit '54d88fe2f17b1c5c6e4d0d1d1e36089fea3a1df0': MPEG4Extractor.cpp: Add check for size == SIZE_MAX
| | | | | | | | | * \ Merge "MPEG4Extractor.cpp: Add check for size == SIZE_MAX" into jb-devNick Kralevich2015-08-081-1/+1
| | | | | | | | | |\ \
| | | | | | | | | | * | MPEG4Extractor.cpp: Add check for size == SIZE_MAXNick Kralevich2015-08-071-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If size == SIZE_MAX, the line: uint8_t *buffer = new (std::nothrow) uint8_t[size + 1]; ends up allocating zero bytes, which is obviously incorrect. This is conceptually a cherrypick of commit b2d33aee5122c91a59c2a676c0b89ad340232450 , but specifically for Android 4.1 through Android 4.4. In Android 5.0, new code was introduced which caused the function parseMetaData() to be renamed. Bug: 23031033 Change-Id: Ib34e740f3292a484f8a24e513c1cce58f2f33ecb
* | | | | | | | | | | | libstagefright: fix overflow in ↵Wei Jia2015-08-191-1/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | MPEG4Source::parseSampleAuxiliaryInformationOffsets. Bug: 23270724 Change-Id: Id7ba55c7bf6860fbfc892bbb6378aac644c82da4
* | | | | | | | | | | | am 5aa85d05: am 74cda34a: am 41d93c2f: am c88ddfc0: am 2abbc048: am ↵Nick Kralevich2015-08-081-1/+1
|\ \ \ \ \ \ \ \ \ \ \ \ | |/ / / / / / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ba34c2ba: am f59348ed: am 0080e03e: am 3ebcce0e: am 2c0f9591: am fea5921b: am 9fff1d37: am d9d35098: am af6b3a6b: am bce77a36: am 0e20b209: MPEG4Extractor.cpp: handle chunk_size > SIZE_MAX * commit '5aa85d05aaeb5509597b7876942b6f5e543a451c': MPEG4Extractor.cpp: handle chunk_size > SIZE_MAX
| * | | | | | | | | | | am 74cda34a: am 41d93c2f: am c88ddfc0: am 2abbc048: am ba34c2ba: am ↵Nick Kralevich2015-08-081-1/+1
| |\ \ \ \ \ \ \ \ \ \ \ | | |/ / / / / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | f59348ed: am 0080e03e: am 3ebcce0e: am 2c0f9591: am fea5921b: am 9fff1d37: am d9d35098: am af6b3a6b: am bce77a36: am 0e20b209: MPEG4Extractor.cpp: handle chunk_size > SIZE_MAX * commit '74cda34ac909eb713cec22bebb08ecaeefd8f7dd': MPEG4Extractor.cpp: handle chunk_size > SIZE_MAX
| | * | | | | | | | | | am c88ddfc0: am 2abbc048: am ba34c2ba: am f59348ed: am 0080e03e: am ↵Nick Kralevich2015-08-081-1/+1
| | |\ \ \ \ \ \ \ \ \ \ | | | |/ / / / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 3ebcce0e: am 2c0f9591: am fea5921b: am 9fff1d37: am d9d35098: am af6b3a6b: am bce77a36: am 0e20b209: MPEG4Extractor.cpp: handle chunk_size > SIZE_MAX * commit 'c88ddfc09338969a4c8fc32be1d3dffb9022a237': MPEG4Extractor.cpp: handle chunk_size > SIZE_MAX
| | | * | | | | | | | | am ba34c2ba: am f59348ed: am 0080e03e: am 3ebcce0e: am 2c0f9591: am ↵Nick Kralevich2015-08-081-1/+1
| | | |\ \ \ \ \ \ \ \ \ | | | | |/ / / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | fea5921b: am 9fff1d37: am d9d35098: am af6b3a6b: am bce77a36: am 0e20b209: MPEG4Extractor.cpp: handle chunk_size > SIZE_MAX * commit 'ba34c2ba414352ed0c1b9188f51c5445b04af2c6': MPEG4Extractor.cpp: handle chunk_size > SIZE_MAX
| | | | * | | | | | | | am f59348ed: am 0080e03e: am 3ebcce0e: am 2c0f9591: am fea5921b: am ↵Nick Kralevich2015-08-081-1/+1
| | | | |\ \ \ \ \ \ \ \ | | | | | |/ / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 9fff1d37: am d9d35098: am af6b3a6b: am bce77a36: am 0e20b209: MPEG4Extractor.cpp: handle chunk_size > SIZE_MAX * commit 'f59348edfc54baa8f6e6532c6484656cf444d199': MPEG4Extractor.cpp: handle chunk_size > SIZE_MAX
| | | | | * | | | | | | am 0080e03e: am 3ebcce0e: am 2c0f9591: am fea5921b: am 9fff1d37: am ↵Nick Kralevich2015-08-081-1/+1
| | | | | |\ \ \ \ \ \ \ | | | | | | |/ / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | d9d35098: am af6b3a6b: am bce77a36: am 0e20b209: MPEG4Extractor.cpp: handle chunk_size > SIZE_MAX * commit '0080e03e2a69dcb5ecbcb2848f358ca73163714c': MPEG4Extractor.cpp: handle chunk_size > SIZE_MAX
| | | | | | * | | | | | am 2c0f9591: am fea5921b: am 9fff1d37: am d9d35098: am af6b3a6b: am ↵Nick Kralevich2015-08-081-1/+1
| | | | | | |\ \ \ \ \ \ | | | | | | | |/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | bce77a36: am 0e20b209: MPEG4Extractor.cpp: handle chunk_size > SIZE_MAX * commit '2c0f959112a1d9048e8dc527f2f9dc0cc3e490c9': MPEG4Extractor.cpp: handle chunk_size > SIZE_MAX
| | | | | | | * | | | | am fea5921b: am 9fff1d37: am d9d35098: am af6b3a6b: am bce77a36: am ↵Nick Kralevich2015-08-081-1/+1
| | | | | | | |\ \ \ \ \ | | | | | | | | |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 0e20b209: MPEG4Extractor.cpp: handle chunk_size > SIZE_MAX * commit 'fea5921b975cf43c88b8f93d4f2500abde6088be': MPEG4Extractor.cpp: handle chunk_size > SIZE_MAX
| | | | | | | | * | | | am bce77a36: am 0e20b209: MPEG4Extractor.cpp: handle chunk_size > SIZE_MAXNick Kralevich2015-08-071-1/+1
| | | | | | | | |\ \ \ \ | | | | | | | | | |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * commit 'bce77a36125b25ce864b40bd5938ca89becea898': MPEG4Extractor.cpp: handle chunk_size > SIZE_MAX
| | | | | | | | | * | | MPEG4Extractor.cpp: handle chunk_size > SIZE_MAXNick Kralevich2015-08-071-1/+1
| | | | | | | | | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | chunk_size is a uint64_t, so it can legitimately be bigger than SIZE_MAX, which would cause the subtraction to underflow. https://code.google.com/p/android/issues/detail?id=182251 Bug: 23034759 Change-Id: Ic1637fb26bf6edb0feb1bcf2876fd370db1ed547
| | | | | | * | | | | am 11c88f66: am 2796ba1c: am a555788d: am 0e33cb2d: am e4ccf3a1: am ↵Joshua J. Drake2015-08-071-0/+4
| | | | | | |\ \ \ \ \ | | | | | | | |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 3329a19b: am c87faed6: Fix integer underflow in covr MPEG4 processing * commit '11c88f66205dd9095cbe87f3486ef7262e4d2e22': Fix integer underflow in covr MPEG4 processing
| | | | | | | * | | | am 2796ba1c: am a555788d: am 0e33cb2d: am e4ccf3a1: am 3329a19b: am ↵Joshua J. Drake2015-08-071-0/+4
| | | | | | | |\ \ \ \ | | | | | | | | |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | c87faed6: Fix integer underflow in covr MPEG4 processing * commit '2796ba1c511517a4904d10d1fdc830c86d161342': Fix integer underflow in covr MPEG4 processing
| | | | | | | | * | | am 3329a19b: am c87faed6: Fix integer underflow in covr MPEG4 processingJoshua J. Drake2015-08-041-0/+4
| | | | | | | | |\ \ \ | | | | | | | | | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * commit '3329a19b4d11d3c1310bbe9aa54b6a66488ab862': Fix integer underflow in covr MPEG4 processing
| | | | | | | | | * | Fix integer underflow in covr MPEG4 processingJoshua J. Drake2015-08-041-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When the 'chunk_data_size' variable is less than 'kSkipBytesOfDataBox', an integer underflow can occur. This causes an extraordinarily large value to be passed to MetaData::setData, leading to a buffer overflow. Bug: 20923261 (cherry picked from commit 4a492bf2ac47b9844d2527e1fcdf0064c3d8d52e) Change-Id: I83490cbaf5b368073fcd8668a9241dfc90bebd90
| | | | | | * | | | | am bb99a362: am 8d60fc3e: am 338bbf53: am fd334e34: am 03d539a7: am ↵Joshua J. Drake2015-08-071-0/+7
| | | | | | |\ \ \ \ \ | | | | | | | |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | a5b9055d: am f1ce97dd: Fix integer overflow when handling MPEG4 tx3g atom * commit 'bb99a362dc76f9bf040f6256369fabf27ad1c2f5': Fix integer overflow when handling MPEG4 tx3g atom
| | | | | | | * | | | am 8d60fc3e: am 338bbf53: am fd334e34: am 03d539a7: am a5b9055d: am ↵Joshua J. Drake2015-08-071-0/+7
| | | | | | | |\ \ \ \ | | | | | | | | |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | f1ce97dd: Fix integer overflow when handling MPEG4 tx3g atom * commit '8d60fc3e3ecd4d7c2b18f25962f0ea42f3644ebd': Fix integer overflow when handling MPEG4 tx3g atom
| | | | | | | | * | | am a5b9055d: am f1ce97dd: Fix integer overflow when handling MPEG4 tx3g atomJoshua J. Drake2015-08-041-0/+7
| | | | | | | | |\ \ \ | | | | | | | | | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * commit 'a5b9055d7ce1d82ee29ed2f45aa4f8a82ccc76f2': Fix integer overflow when handling MPEG4 tx3g atom
| | | | | | | | | * | Fix integer overflow when handling MPEG4 tx3g atomJoshua J. Drake2015-08-041-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When the sum of the 'size' and 'chunk_size' variables is larger than 2^32, an integer overflow occurs. Using the result value to allocate memory leads to an undersized buffer allocation and later a potentially exploitable heap corruption condition. Ensure that integer overflow does not occur. Bug: 20923261 (cherry picked from commit e5f0966c76bd0a7e81e4205c8d8b55e6b34c833e) Change-Id: I3f240f75fd681becbf89cb7e7554388471c28059
| | | | | | * | | | | am 430475da: resolved conflicts for merge of 0b3eca88 to jb-mr1-dev-plus-aospNick Kralevich2015-08-071-0/+3
| | | | | | |\ \ \ \ \ | | | | | | | |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * commit '430475da7f0edb86ee6a85378d1583ab07f7f93d': Prevent integer overflow when processing covr MPEG4 atoms
| | | | | | | * | | | resolved conflicts for merge of 0b3eca88 to jb-mr1-dev-plus-aospNick Kralevich2015-08-071-0/+3
| | | | | | | |\ \ \ \ | | | | | | | | |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bug: 20923261 Change-Id: I6fe12a7c5768f77454bd0391b07f4c3181607d14
| | | | | | | | * | | am 9481a101: am a81b3779: Prevent integer overflow when processing covr ↵Joshua J. Drake2015-08-041-0/+3
| | | | | | | | |\ \ \ | | | | | | | | | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | MPEG4 atoms * commit '9481a101f8246263d969af66a7b39fad7346772e': Prevent integer overflow when processing covr MPEG4 atoms
| | | | | | | | | * | Prevent integer overflow when processing covr MPEG4 atomsJoshua J. Drake2015-08-041-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If the 'chunk_data_size' value is SIZE_MAX, an integer overflow will occur and cause an undersized buffer to be allocated. The following processing then overfills the resulting memory and creates a potentially exploitable condition. Ensure that integer overflow does not occur. (cherrypicked from commit 05ddc499b9d50c90f552ed1333110f28a1406e7c) Bug: 20923261 Change-Id: If09a02738759acdff8d95149bb9cb5f18a0a123e
| * | | | | | | | | | am 6323529b: am 2424d28b: am c40ef744: am af3c0475: am 9c67741f: am ↵Marco Nelissen2015-08-081-3/+15
| |\ \ \ \ \ \ \ \ \ \ | | |/ / / / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 2e637bfd: Merge "Extra sanity checks on sample size and resolution" into klp-dev * commit '6323529b60f29ad1e18757f4aadc08f2aa0e846b': Extra sanity checks on sample size and resolution
| | * | | | | | | | | am c40ef744: am af3c0475: am 9c67741f: am 2e637bfd: Merge "Extra sanity ↵Marco Nelissen2015-08-081-3/+15
| | |\ \ \ \ \ \ \ \ \ | | | |/ / / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | checks on sample size and resolution" into klp-dev * commit 'c40ef74448ddb09b676cc4c79a202ee73fccad39': Extra sanity checks on sample size and resolution
| | | * | | | | | | | am 9c67741f: am 2e637bfd: Merge "Extra sanity checks on sample size and ↵Marco Nelissen2015-08-081-3/+15
| | | |\ \ \ \ \ \ \ \ | | | | |/ / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | resolution" into klp-dev * commit '9c67741f9f7ccc1007c7ecb44b8037210c733723': Extra sanity checks on sample size and resolution
| | | | * | | | | | | am 2e637bfd: Merge "Extra sanity checks on sample size and resolution" into ↵Marco Nelissen2015-08-081-3/+15
| | | | |\ \ \ \ \ \ \ | | | | | |/ / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | klp-dev * commit '2e637bfd64c59200414130671e32e3e087e9f147': Extra sanity checks on sample size and resolution
| | | | | * | | | | | Extra sanity checks on sample size and resolutionMarco Nelissen2015-08-051-3/+15
| | | | | | |_|_|_|/ | | | | | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Instead of rejecting the samples later when they don't fit in the buffer, reject the entire file early. Bug: 22882938 Change-Id: I748153b0e9e827e3f2526468756295b4b5000de6 (cherry picked from commit beef7e58c1f1837bdaed6ac37414d8c48a133813)
* | | | | | | | | | am 1a053a0a: am 6f3dc2f3: am c253c1fd: am b449e469: am c5707784: ↵Nick Kralevich2015-08-071-1/+1
|\ \ \ \ \ \ \ \ \ \ | |/ / / / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | MPEG4Extractor.cpp: Add check for size == SIZE_MAX * commit '1a053a0ae002cdda31c39d4c7447b1f7e65dfec6': MPEG4Extractor.cpp: Add check for size == SIZE_MAX
| * | | | | | | | | am 6f3dc2f3: am c253c1fd: am b449e469: am c5707784: MPEG4Extractor.cpp: Add ↵Nick Kralevich2015-08-071-1/+1
| |\ \ \ \ \ \ \ \ \ | | |/ / / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | check for size == SIZE_MAX * commit '6f3dc2f34ed8043d30937f436979ef360dcf3774': MPEG4Extractor.cpp: Add check for size == SIZE_MAX
| | * | | | | | | | am b449e469: am c5707784: MPEG4Extractor.cpp: Add check for size == SIZE_MAXNick Kralevich2015-08-071-1/+1
| | |\ \ \ \ \ \ \ \ | | | |/ / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * commit 'b449e46904854eccea79a40e16b2ba5132611bf3': MPEG4Extractor.cpp: Add check for size == SIZE_MAX
| | | * | | | | | | MPEG4Extractor.cpp: Add check for size == SIZE_MAXNick Kralevich2015-08-071-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If size == SIZE_MAX, the line: uint8_t *buffer = new (std::nothrow) uint8_t[size + 1]; ends up allocating zero bytes, which is obviously incorrect. (cherry picked from commit b2d33aee5122c91a59c2a676c0b89ad340232450) Bug: 23031033 Change-Id: I8027247a4e24d2c8a8b4eac88c3643eccda108b9
| * | | | | | | | | am 2d80c0a1: am a549658b: am 7397892d: am 402eaab9: am 370290f4: am ↵Wei Jia2015-06-301-0/+4
| |\ \ \ \ \ \ \ \ \ | | |/ / / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | bcd5edf9: am 13c925ca: am 6ff53b96: Merge "Prevent integer overflow when processing covr MPEG4 atoms" into klp-dev * commit '2d80c0a13c40f29d2a4b4aca8765705cbb4b2fe8': Prevent integer overflow when processing covr MPEG4 atoms
| | * | | | | | | | am 370290f4: am bcd5edf9: am 13c925ca: am 6ff53b96: Merge "Prevent integer ↵Wei Jia2015-06-301-0/+4
| | |\ \ \ \ \ \ \ \ | | | |/ / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | overflow when processing covr MPEG4 atoms" into klp-dev * commit '370290f400ff3057a71a192a70dfd69499aa8937': Prevent integer overflow when processing covr MPEG4 atoms
| | | * | | | | | | am 13c925ca: am 6ff53b96: Merge "Prevent integer overflow when processing ↵Wei Jia2015-06-301-0/+4
| | | |\ \ \ \ \ \ \ | | | | |/ / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | covr MPEG4 atoms" into klp-dev * commit '13c925cab2decaed6786b0642f2b5a9f8516e71a': Prevent integer overflow when processing covr MPEG4 atoms
| | | | * | | | | | am 6ff53b96: Merge "Prevent integer overflow when processing covr MPEG4 ↵Wei Jia2015-06-051-0/+4
| | | | |\ \ \ \ \ \ | | | | | |/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | atoms" into klp-dev * commit '6ff53b96235bf99cdc1023b99d44f1c4cade1c0a': Prevent integer overflow when processing covr MPEG4 atoms
| | | | | * | | | | Merge "Prevent integer overflow when processing covr MPEG4 atoms" into klp-devWei Jia2015-06-051-0/+4
| | | | | |\ \ \ \ \
generated by cgit v1.1 at 2024-09-21 20:58:11 +0000