From 808632f7bf0a897fb55cc38170ad6c1b2fd86ba2 Mon Sep 17 00:00:00 2001
From: Steve Kondik <shade@chemlab.org>
Date: Mon, 29 Feb 2016 17:32:19 -0800
Subject: stagefright: Don't crash on invalid / null AVCC atoms in MKV

 * Seen in the wild. If a file contains an invalid track, skip it.
 * Also correct AVCC atom size check in Matroska extractor.

REF: CYNGNOS-2168
Change-Id: I589aadbd689c9a00e1dca613e61fcec5b06ed69a
---
 media/libstagefright/MPEG4Extractor.cpp | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

(limited to 'media/libstagefright/MPEG4Extractor.cpp')

diff --git a/media/libstagefright/MPEG4Extractor.cpp b/media/libstagefright/MPEG4Extractor.cpp
index c928495..3baf6b6 100755
--- a/media/libstagefright/MPEG4Extractor.cpp
+++ b/media/libstagefright/MPEG4Extractor.cpp
@@ -3325,11 +3325,13 @@ MPEG4Source::MPEG4Source(
 
         const uint8_t *ptr = (const uint8_t *)data;
 
-        CHECK(size >= 7);
-        CHECK_EQ((unsigned)ptr[0], 1u);  // configurationVersion == 1
-
-        // The number of bytes used to encode the length of a NAL unit.
-        mNALLengthSize = 1 + (ptr[4] & 3);
+        if (size < 7 || ptr[0] != 1) {
+            ALOGE("Invalid AVCC atom, size %zu, configurationVersion: %d",
+                    size, ptr[0]);
+        } else {
+            // The number of bytes used to encode the length of a NAL unit.
+            mNALLengthSize = 1 + (ptr[4] & 3);
+        }
     } else if (mIsHEVC) {
         uint32_t type;
         const void *data;
-- 
cgit v1.1