From e9598179f3e286a58e8222a3654701b330cd5268 Mon Sep 17 00:00:00 2001 From: Robert Shih Date: Tue, 24 Jan 2017 18:08:59 -0800 Subject: avc_utils: skip empty NALs from malformed bistreams Avoid a CHECK and make it the decoder's repsonsibility to handle a malformed bistream gracefully. Bug: 34509901 Bug: 33137046 Test: StagefrightTest#testStagefright_bug_27855419_CVE_2016_2463 CVE-2017-0483 Change-Id: I2d94f8da63d65a86a9c711c45546e4c695e0f3b4 (cherry picked from commit 91fe76a157847825601b8f7a627efd1c9cbadcae) (cherry picked from commit 5cabe32a59f9be1e913b6a07a23d4cfa55e3fb2f) --- media/libstagefright/avc_utils.cpp | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/media/libstagefright/avc_utils.cpp b/media/libstagefright/avc_utils.cpp index 98b5c0e..bf014ba 100644 --- a/media/libstagefright/avc_utils.cpp +++ b/media/libstagefright/avc_utils.cpp @@ -454,7 +454,10 @@ bool IsAVCReferenceFrame(const sp &accessUnit) { size_t nalSize; bool bIsReferenceFrame = true; while (getNextNALUnit(&data, &size, &nalStart, &nalSize, true) == OK) { - CHECK_GT(nalSize, 0u); + if (nalSize == 0u) { + ALOGW("skipping empty nal unit from potentially malformed bitstream"); + continue; + } unsigned nalType = nalStart[0] & 0x1f; -- cgit v1.1