From 71b1a4e975dfb65660a0119b9d6bf6db77eca09e Mon Sep 17 00:00:00 2001
From: Andreas Huber
Date: Thu, 24 Jun 2010 12:16:25 -0700
Subject: Properly identify malformed (too short) chunks in mpeg4 files.
Change-Id: Id2efb1bba195c4ad6f132cd706cc813135ead8a4
---
 media/libstagefright/MPEG4Extractor.cpp | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/media/libstagefright/MPEG4Extractor.cpp b/media/libstagefright/MPEG4Extractor.cpp
index 3639db4..0c2f1e6 100644
--- a/media/libstagefright/MPEG4Extractor.cpp
+++ b/media/libstagefright/MPEG4Extractor.cpp
@@ -428,6 +428,14 @@ status_t MPEG4Extractor::parseChunk(off_t *offset, int depth) {
 }
 chunk_size = ntoh64(chunk_size);
 data_offset += 8;
+
+ if (chunk_size < 16) {
+ // The smallest valid chunk is 16 bytes long in this case.
+ return ERROR_MALFORMED;
+ }
+ } else if (chunk_size < 8) {
+ // The smallest valid chunk is 8 bytes long.
+ return ERROR_MALFORMED;
 }
 char chunk[5];
-- cgit v1.1
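Review bot: The two added tests in parseChunk bound chunk_size only from below, so a size field far larger than the data actually present still passes; the value is a 64-bit integer taken straight from the file via `ntoh64`, while the function tracks its position in an `off_t`. Next to the `chunk_size < 16` and `chunk_size < 8` checks I would also reject a chunk that runs past the end of the source, for example `if (chunk_size > remaining) return ERROR_MALFORMED;`, where `remaining` is a placeholder for the bytes left after `*offset`, not a name from this file. Whether later code already guards `*offset + chunk_size` against wrap-around or truncation cannot be seen here, because the body of parseChunk starts and ends outside the hunk. Separately, the `chunk_size < 8` branch now reports a 32-bit size of 0 as malformed; the ISO base media format uses 0 for "box extends to end of file", so if such files are meant to be accepted that case needs its own handling ahead of this test.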