| Commit message (Collapse) | Author | Age | Files | Lines |
|\
| |
| |
| |
| |
| |
| | |
MPEG4Extractor.cpp: Add check for size == SIZE_MAX
* commit '1a053a0ae002cdda31c39d4c7447b1f7e65dfec6':
MPEG4Extractor.cpp: Add check for size == SIZE_MAX
|
| |\
| | |
| | |
| | |
| | |
| | |
| | | |
check for size == SIZE_MAX
* commit '6f3dc2f34ed8043d30937f436979ef360dcf3774':
MPEG4Extractor.cpp: Add check for size == SIZE_MAX
|
| | |\
| | | |
| | | |
| | | |
| | | | |
* commit 'b449e46904854eccea79a40e16b2ba5132611bf3':
MPEG4Extractor.cpp: Add check for size == SIZE_MAX
|
| | | |\
| | | | |
| | | | |
| | | | |
| | | | | |
* commit 'c570778430a22b5488cae72982cf9fb8033dbda3':
MPEG4Extractor.cpp: Add check for size == SIZE_MAX
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
If size == SIZE_MAX, the line:
uint8_t *buffer = new (std::nothrow) uint8_t[size + 1];
ends up allocating zero bytes, which is obviously incorrect.
(cherry picked from commit b2d33aee5122c91a59c2a676c0b89ad340232450)
Bug: 23031033
Change-Id: I8027247a4e24d2c8a8b4eac88c3643eccda108b9
|
|\ \ \ \ \
| |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
d6ea7f65: am f26400c9: Fix crash on malformed id3
* commit '48192b84db39879e7d83a2f4e7023048fb81ee8e':
Fix crash on malformed id3
|
| |\ \ \ \
| | |/ / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
f26400c9: Fix crash on malformed id3
* commit '0625841daae5bb1351034909ce705aab517eea2d':
Fix crash on malformed id3
|
| | |\ \ \
| | | |/ /
| | | | |
| | | | |
| | | | | |
* commit '578d5b66fc9f5e36ca0cb19b21771aa85ec131ee':
Fix crash on malformed id3
|
| | | |\ \
| | | | |/
| | | | |
| | | | |
| | | | | |
* commit '171b5fadb9d304f5e06686e4f3d060ef335d7250':
Fix crash on malformed id3
|
| | | | |\
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
* commit 'd6ea7f65dd31d5dacf497cc3c494d4fa3910f7c3':
Fix crash on malformed id3
|
| | | | | |\
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
* commit 'f26400c9d01a0e2f71690d5ebc644270f098d590':
Fix crash on malformed id3
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Bug: 22954006
Change-Id: I488cb1e2c69fc7043b6040481b30fa866000515d
|
| |\ \ \ \ \ \
| | |/ / / / /
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
d9a9a324: am 10ef7f75: am b0924c63: am 7af634e1: am 8ec119d2: am d138024f: am b32957db: am a9d7c917: am a99d3d83: am 738a753a: SampleTable: fix integer overflow checks.
* commit '9f7bceff18052171b3042bda945d7e4e94b60f1c':
SampleTable: fix integer overflow checks.
|
| | |\ \ \ \ \
| | | |/ / / /
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
b0924c63: am 7af634e1: am 8ec119d2: am d138024f: am b32957db: am a9d7c917: am a99d3d83: am 738a753a: SampleTable: fix integer overflow checks.
* commit '660620d43898b09126f54a7ca27ca34b011f4726':
SampleTable: fix integer overflow checks.
|
| | | |\ \ \ \
| | | | |/ / /
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
7af634e1: am 8ec119d2: am d138024f: am b32957db: am a9d7c917: am a99d3d83: am 738a753a: SampleTable: fix integer overflow checks.
* commit 'd8bb17e33ef33ce173fa2d096211785145d41921':
SampleTable: fix integer overflow checks.
|
| | | | |\ \ \
| | | | | |/ /
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
8ec119d2: am d138024f: am b32957db: am a9d7c917: am a99d3d83: am 738a753a: SampleTable: fix integer overflow checks.
* commit '42bd61d73e8b4d0b1101e73324a59fde51077112':
SampleTable: fix integer overflow checks.
|
| | | | | |\ \
| | | | | | |/
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
d138024f: am b32957db: am a9d7c917: am a99d3d83: am 738a753a: SampleTable: fix integer overflow checks.
* commit 'd9a9a324766b26be2ff0d10537ea0b215b0261e3':
SampleTable: fix integer overflow checks.
|
| | | | | | |\
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
b32957db: am a9d7c917: am a99d3d83: am 738a753a: SampleTable: fix integer overflow checks.
* commit '10ef7f7514bdf6d9c38c93d9bb0194c0920d152f':
SampleTable: fix integer overflow checks.
|
| | | | | | | |\
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
a9d7c917: am a99d3d83: am 738a753a: SampleTable: fix integer overflow checks.
* commit 'b0924c631cfccd10c1f95d6ae44c8cd852e14a9f':
SampleTable: fix integer overflow checks.
|
| | | | | | | | |\
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
a99d3d83: am 738a753a: SampleTable: fix integer overflow checks.
* commit '7af634e131361862d2e47fb344278e31ed05be4f':
SampleTable: fix integer overflow checks.
|
| | | | | | | | | |\
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
738a753a: SampleTable: fix integer overflow checks.
* commit '8ec119d2f033221e4cb0fd2b2948e780581b3d35':
SampleTable: fix integer overflow checks.
|
| | | | | | | | | | |\
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | | |
* commit 'a9d7c917d3a76d0bef9b8afe7ade206534be68a4':
SampleTable: fix integer overflow checks.
|
| | | | | | | | | | | |\
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | | |
* commit 'a99d3d8327d60c8f8ef3e34fc4b81ef382e9e6d2':
SampleTable: fix integer overflow checks.
|
| | | | | | | | | | | | |\
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
* commit '738a753a3ca7bf8f9f608ca941575626265294e4':
SampleTable: fix integer overflow checks.
|
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
Bug: 20139950
Bug: 22935234
(cherry picked from commit a105482ae577852ffd08ce88ae5d1ba81db875ac)
Change-Id: I408d261de1a6dd5c4343bcf3a7dfd8a259e0e2f3
|
| | | | | | | |\ \ \ \ \ \ \
| | | | | | | | |/ / / / / /
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
a59d5e66: am 8ef5da3d: am 4dd7cb69: Fix integer underflow in ESDS processing
* commit 'ac7cb990cc4c8a59a945ce36e5702e0adb213db4':
Fix integer underflow in ESDS processing
|
| | | | | | | | |\ \ \ \ \ \
| | | | | | | | | |/ / / / /
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
8ef5da3d: am 4dd7cb69: Fix integer underflow in ESDS processing
* commit 'b417986c3a3a6bb9ca33657385a3433ff54090b2':
Fix integer underflow in ESDS processing
|
| | | | | | | | | |\ \ \ \ \
| | | | | | | | | | |/ / / /
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
4dd7cb69: Fix integer underflow in ESDS processing
* commit 'd1c08d6bff6d1936cf0e9cbfa5054128f5280ef3':
Fix integer underflow in ESDS processing
|
| | | | | | | | | | |\ \ \ \
| | | | | | | | | | | |/ / /
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
* commit 'a59d5e6692d0b0dc0924144f596d09e7dd2b193c':
Fix integer underflow in ESDS processing
|
| | | | | | | | | | | |\ \ \
| | | | | | | | | | | | |/ /
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
* commit '8ef5da3ddddd1bb4356d9cc6df4d52ad8afc4459':
Fix integer underflow in ESDS processing
|
| | | | | | | | | | | | |\ \
| | | | | | | | | | | | | |/
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
* commit '4dd7cb699f49b56f94a32080fdac7f0ec8237ff4':
Fix integer underflow in ESDS processing
|
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
Several arithmetic operations within parseESDescriptor could underflow, leading
to an out-of-bounds read operation. Ensure that subtractions from 'size' do not
cause it to wrap around.
Bug: 20139950
Change-Id: I0d1b136ce68fd7c6f606ce66714bf644cfb2961c
(cherry picked from commit 07c0f59d6c48874982d2b5c713487612e5af465a)
|
| | | | | | | |\ \ \ \ \ \ \
| | | | | | | | |/ / / / / /
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
52302d91: am f354c48e: am 5c4428f6: Fix integer overflow during MP4 atom processing
* commit '134dc3110c401544e4d3a3a1deab1c131fb77720':
Fix integer overflow during MP4 atom processing
|
| | | | | | | | |\ \ \ \ \ \
| | | | | | | | | |/ / / / /
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
f354c48e: am 5c4428f6: Fix integer overflow during MP4 atom processing
* commit '80a6d9f37571c89905b8ae4074529a960a5f2194':
Fix integer overflow during MP4 atom processing
|
| | | | | | | | | |\ \ \ \ \
| | | | | | | | | | |/ / / /
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
5c4428f6: Fix integer overflow during MP4 atom processing
* commit 'e10c2e621a0a49618c9d69a7dd09400c23464ced':
Fix integer overflow during MP4 atom processing
|
| | | | | | | | | | |\ \ \ \
| | | | | | | | | | | |/ / /
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
processing
* commit '52302d917b06b11625b9de686153d1e2520f42cd':
Fix integer overflow during MP4 atom processing
|
| | | | | | | | | | | |\ \ \
| | | | | | | | | | | | |/ /
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
* commit 'f354c48e386d1405d67882c382e26e3e4598e797':
Fix integer overflow during MP4 atom processing
|
| | | | | | | | | | | | |\ \
| | | | | | | | | | | | | |/
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
* commit '5c4428f6391478ae983e1fcf7c42c832aa1a5e69':
Fix integer overflow during MP4 atom processing
|
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
A few sample table related FourCC values are handled by the
setSampleToChunkParams function. An integer overflow exists within this
function. Validate that mNumSampleToChunkOffets will not cause an integer
overflow.
Bug: 20139950
Change-Id: I1972cc185fce5e058afa143ad5eabcc269ad324d
(cherry picked from commit c24607c29c96f939aed9e33bfa702b1dd79da4b7)
|
| | | | | | | |\ \ \ \ \ \ \
| | | | | | | | |/ / / / / /
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
4534ec1a: am 4a5fbf74: am 3cc11bfc: Fix several ineffective integer overflow checks
* commit '4837e90fd1d3fa127ef99652d314ad70f4776221':
Fix several ineffective integer overflow checks
|
| | | | | | | | |\ \ \ \ \ \
| | | | | | | | | |/ / / / /
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
4a5fbf74: am 3cc11bfc: Fix several ineffective integer overflow checks
* commit '9c5578c1a3bb00623d6ee99340ce0ce290e6c5a1':
Fix several ineffective integer overflow checks
|
| | | | | | | | | |\ \ \ \ \
| | | | | | | | | | |/ / / /
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
3cc11bfc: Fix several ineffective integer overflow checks
* commit '36617c67a9c29d7f9798972b6514086b22b731f8':
Fix several ineffective integer overflow checks
|
| | | | | | | | | | |\ \ \ \
| | | | | | | | | | | |/ / /
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
overflow checks
* commit '4534ec1a552c125ef7eea0990a84fcefb58335b9':
Fix several ineffective integer overflow checks
|
| | | | | | | | | | | |\ \ \
| | | | | | | | | | | | |/ /
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
* commit '4a5fbf74b493eb293918c41a5b5f60dd7b8ebb58':
Fix several ineffective integer overflow checks
|
| | | | | | | | | | | | |\ \
| | | | | | | | | | | | | |/
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
* commit '3cc11bfc00cbb3ed87a4464777a75606b4973b51':
Fix several ineffective integer overflow checks
|
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
Commit edd4a76 (which addressed bugs 15328708, 15342615, 15342751) added
several integer overflow checks. Unfortunately, those checks fail to take into
account integer promotion rules and are thus themselves subject to an integer
overflow. Cast the sizeof() operator to a uint64_t to force promotion while
multiplying.
Bug: 20139950
Change-Id: Ieb29a170edb805c722fc5658935f2390003e5260
(cherry picked from commit e2e812e58e8d2716b00d7d82db99b08d3afb4b32)
|
| |\ \ \ \ \ \ \ \ \ \ \ \ \
| | |/ / / / / / / / / / / /
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
566c70ca: Guard against codecinfo overflow
* commit '79c896eab1626cc91d7d1942476e445e5a788239':
Guard against codecinfo overflow
|
| | |\ \ \ \ \ \ \ \ \ \ \ \
| | | |/ / / / / / / / / / /
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
overflow
* commit '0bde48f53c285780c1e95fa55bcc7e46f8730320':
Guard against codecinfo overflow
|
| | | |\ \ \ \ \ \ \ \ \ \ \
| | | | |/ / / / / / / / / /
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
* commit '99a1a6a79ca14554d2951101008348a9e2acbb8c':
Guard against codecinfo overflow
|
| | | | |\ \ \ \ \ \ \ \ \ \
| | | | | |/ / / / / / / / /
| | | | | | | | | | | | | |
| | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
* commit 'e6ca5b2d97f61e96af35fabed8c2ba352b8b5b99':
Guard against codecinfo overflow
|